December 9, 1994
Appendix M - Computer Security Policy Summary Statement
Texas A&M University Computer Security Policy
January 1994
Summary StatementTexas A&M University has developed a comprehensive computer security policy statement. This summary statement presents an overview and the key points of the Texas A&M University Computer Security Policy.
The Information Resources at Texas A&M University are extensive and are readily available to authorized users. This availability of computer hardware, software, and database resources brings with it the responsibility to protect those resources from unauthorized access, unauthorized use, or inappropriate use. During the past several years, much has been written about viruses, worms, and hackers. While these are very real and present dangers, we must also be aware of the dangers from careless activities regarding Information Resources at Texas A&M University, particularly in the network environment.
The Texas A&M University Computer Security Policy is available electronically through GOPHER. Each Computing and Information Services general access computing facility has printed copies of the document available for reading.
The main items of the Computer Security Policy are:
- Each user of an Information Resource must be responsible for certain key aspects of security, which include:
- Appropriate handling of passwords and password procedures.
- Using resources, hardware and software, in accordance with the owner's guidelines.
- Taking precautions with regard to viruses.
- Following the prescribed procedures for access and use of data.
- Adhering to copyright policies.
- Texas A&M University has instituted certain computer security measures designed to protect the integrity of Information Resources. Any attempt to circumvent these procedures may be a violation of Texas A&M University policies, rules, and regulations, and state and federal statutes.
- A formal organizational structure has been implemented to monitor computer security at Texas A&M University.
- Virus protection software is available at no charge to faculty, staff, and students of Texas A&M University and should be installed on all microcomputer end-user workstations.
- All users of Information Resources acknowledge their reading and understanding of computer security issues each time they logon to a Texas A&M University computer system.
The policy also clearly defines the owners and users of data within the Texas A&M University computing environment. The owners are those persons or offices with responsibility for the collection and maintenance of the data. The owner specifies who may use the data, authorizes specific users access to the data, and specifies how the data may be used. Any access to data without the authorization of the data owner is unauthorized use of the data. The main Texas A&M University administrative systems and owners are:
BPP BPP Operations Center and Fiscal Offices, Budget Offices, Human Resource Offices, and Payroll Offices within Texas A&M University System. FAMIS FAMIS MIS Project Office and Business Offices within Texas A&M University System. NOTIS The NOTIS System Office and the members of the Texas A&M University System NOTIS Library Consortium. SIMS Admissions and Records, Financial Aid, Fiscal Office, and SIMS Executive Committee. It is the responsibility of all users of Information Resources to follow the requirements of the owner of the Information Resources.
Policy statements regarding computer security of Information Resources can be found in:
- The Texas A&M University Regulations, Section 44 and 45
- The Texas A&M University Policy and Procedures Manual, Section 8.1.15