Computing and Information Services
Network Group

Texas A&M University
Computer Security Policy

December 9, 1994

Introduction

Continuing availability of information is essential to the operation of Texas A&M University programs. Expanded use of computers and telecommunications has resulted in more accurate, reliable, and faster information processing, with information more readily available to administration, faculty, and staff than ever before. Texas A&M University has realized increased productivity, in terms of improved delivery of services, enhanced administrative capabilities, and lower operating costs, as a direct result of the growing commitment to use information technology.

Information technology has also brought new administration concerns, challenges, and responsibilities. Information assets must be protected from natural and human hazards. Policies and practices must be established to ensure that hazards are eliminated or their effects minimized.

The focus of information security is on ensuring protection of information and continuation of program operations. Providing efficient accessibility to necessary information is the impetus for establishing and maintaining automated information systems. Protecting that information and the surrounding investment is the impetus for establishing an information security program.

Protecting information assets includes:

  • Physical protection of information processing facilities and equipment.

  • Maintenance of application and data integrity.

  • Assurance that automated information systems perform their critical functions correctly, in a timely manner, and under adequate controls.

  • Protection against unauthorized disclosure of information.

  • Assurance of the continued availability of reliable and critical information.

Many program operations that traditionally were manual or partially automated are today fully dependent upon the availability of automated information services to perform and support their daily functions. The interruption, disruption, or loss of information support services may adversely affect Texas A&M University's ability to administer programs and provide services. The effects of such risks must be eliminated or minimized.

Additionally, information entered, processed, stored, generated, or disseminated by automated information systems must be protected from internal data or programming errors and from misuse by individuals inside or outside Texas A&M University. Specifically, the information must be protected from unauthorized or accidental modification, destruction, or disclosure. Otherwise, we risk compromising the integrity of Texas A&M University programs, violating individual rights to privacy, violating copyrights, or facing criminal penalties.

An effective and efficient security management program requires active support and ongoing participation from multiple disciplines and all levels of administration. Responsibilities include identifying vulnerabilities that may affect information assets and implementing cost-effective security practices to minimize or eliminate the effects of the vulnerabilities.

Policy statements regarding computer security of Texas A&M University Information Resources can be found in:

  • The Texas A&M University Regulations, Sections 44 and 45

  • The Texas A&M University Policy and Procedures Manual, Section 8.1.15

The Texas Department of Information Resources is responsible for coordinating information technology within state government and is an important source of guidelines, standards, and rules governing computer security at Texas A&M University. The relevant documents from DIR are:

  • Information Resources: Security and Risk Management Policy, Standards, and Guidelines, March 1993.

  • Information Resource Standards, Texas Administrative Code, Section 201.13.

The policies and procedures of this document apply to the mission critical applications and resources operated by Texas A&M University Computing and Information Services. These include applications such as BPP, FAMIS, NOTIS, and SIMS; the campus computer network; and the computing facilities such as the IBM/Amdahl environment with MVS and VM, the DEC environment with the VAX/VMS cluster, the Sun/IBM UNIX, and the Cray/SGI supercomputer systems. In the remainder of this document Information Resources will refer to:

  • Network Resources - the Texas A&M University computer network. Departmental LANs are not included except as they are connected to the Texas A&M University computer network.

  • Hardware Resources - all computing resources operated by Computing and Information Services.

  • Software Resources - all mission critical applications operated by Computing and Information Services for Texas A&M University or its customers.