CONTACT US AT:
Information Security Office
301 University Blvd
Suite 4.440
Galveston, TX 77555-0113

Phone: 409.772.3838
Email: iso@utmb.edu

 

Policies and Practice Standards

Information Services policies and practice standards are published under the authority of the UTMB presidents council, and are maintained and up-dated by the I. S. security department. Any comments and/or recommendations should be directed to the Information Security Officer at iso@utmb.edu
POLICIES
2.19.6 - Information Resource Security - Revised 03/31/2012
2.19.9 - Digital Millennium Copyright Act Notice and Procedures - Reviewed 03/19/2013
2.1.5 - Business Continuity Planning - Effective 12/21/2007
 
PRACTICE STANDARDS
1.0.1 - IR Security Policy Approval Standards - Revised 08/31/2005
1.0.2 - IR Security Practice Standards Approval Process - Revised 08/31/2005
1.0.3 - IR Security Glossary - Revised 03/17/2009
1.1.1 - Remote Access - Reviewed 3/22/2014
1.1.2 - Account Management - Reviewed 2/07/2014
1.1.3 - Network Access - Reviewed 05/22/2014
1.1.4 - Network Configuration - Revised 07/08/2009
1.1.5 - Platform Hardening - Revised 07/08/2009
1.1.6 - Incident Management - Revised 05/08/2012
1.1.7 - Peer to Peer File Sharing - Effective 04/13/2009
1.1.8 - Payment Card Industry Data Security Standard - Effective 01/29/2011
1.1.9 - Securing Public Websites - Effective 11/18/2010
1.1.19 - Portable Computing - Reviewed 09/17/2013
1.2.2 - Intrusion Detection - Effective 03/17/2009
1.2.3 - Special Access - Revised 07/08/2009
1.2.4 - Vendor Access - Revised 01/15/2013
X.X.X - Malware Detection - Revised 07/08/2009
X.X.X - Wireless Access - Revised 02/23/2009
X.X.X - Security Monitoring - Revised 05/14/2010
1.2.9 - Encryption - Effective 05/25/2012
1.3.1 - Change Management - Revised 08/13/2008
1.3.2 - Backup/Data Recovery - Revised 05/23/2012
1.3.3 - System Integrity and Recovery Testing - Revised 07/28/2009
1.3.4 - Backup Retention Periods - Revised 05/23/2012
1.3.5 - System Certification and Accreditation - Effective 05/28/2012
1.4.1 - Reporting of Lost or Stolen Computing Devices/Data - Revised 07/08/2009
2.2.1 - Education and Awareness - Reviewed 04/19/2014
3.0.1 - Information Technology Strategic Planning - Effective 07/28/2009
7.7.1 - Password Management - Reviewed 04/18/2014
8.8.1 - Administrative Access and Review - Reviewed 5/22/2014
11.11.1 - Physical Access - Reviewed 01/27/2014
14.14.1.1 - Risk Management - Reviewed 04/07/2014
14.14.1.2 - Data Classification - Reviewed 5/22/2014
20.20.1.1 - Project Management - Reviewed 04/25/2014
 
PROCEDURES
1.1.1.2 - Content Compliance Violation Process - Effective 07/10/2006
1.1.1.3 - Confidential Data-at-Rest Discovery - Effective 12/20/2010
1.1.1.4 - STRM Event Monitoring - Effective 05/13/2010
1.1.4.1 - Firewall Management - Revised 12/01/2011
1.1.4.2 - Seizure (Confiscation) of Rogue Network Equipment - Revised 06/05/2007
1.1.1.5 - Risk Assessment Process - Revised 2/15/2013
1.1.5.1 - Platform Hardening - Revised 12/15/2003
1.1.6.1 - Incident Management - Revised 11/10/2003
1.1.6.2 - Malicious Device Response - Effective - 05/11/2012
1.1.6.3 - CIRT - Abuse Notification Resolution - Effective 05/14/2012
1.1.7.1 - Peer to Peer Configuration - Effective 04/13/2009
1.2.1.1 - Password Creation & Change - Revised 11/10/2003
1.2.3.1 - Password Escrow - Revised 04/08/2004
1.2.3.2 - Access Mgmt. and Security Process Integration - Effective 10/30/2006
1.2.7.1 - Wireless Access - Effective 06/09/2005
1.2.8.1 - EFS Encryption on Mobile Computer - Effective 12/01/2006
1.3.1.1 - Change Management - Revised 07/01/2007
1.3.2.1 - Electronic Media Degaussing and Disposal - Effective 02/28/2007
2.1.3.1 - Texas Public Information Act - Effective 05/16/2006
 
UT SYSTEM POLICIES
UTS 165 - Information Resources Use and Security Policy
 
TEXAS ADMINISTRATIVE CODE
Chapter 202 - Information Security Standards
Chapter 206 - State Web Sites
Chapter 211 - Information Resources Managers
 
OTHER POLICIES
UTMB Information Resources Security Manual
Incident Response Management - Standard Operating Procedures
 
PROPOSED POLICY AND PRACTICE STANDARDS POSTED FOR COMMENT