CONTACT US AT:
Information Security Office
301 University Blvd
Suite 4.440
Galveston, TX 77555-0113

Phone: 409.772.3838
Email: iso@utmb.edu

 

Policies and Practice Standards

Information Services policies and practice standards are published under the authority of the UTMB presidents council, and are maintained and up-dated by the I. S. security department. Any comments and/or recommendations should be directed to the Information Security Officer at iso@utmb.edu
POLICIES
2.19.6 - Information Resource Security - Revised 03/31/2012
2.19.9 - Software in Compliance with Copyright Laws - Revised 06/26/2002
2.1.5 - Business Continuity Planning - Effective 12/21/2007
 
PRACTICE STANDARDS
1.0.1 - IR Security Policy Approval Standards - Revised 08/31/2005
1.0.2 - IR Security Practice Standards Approval Process - Revised 08/31/2005
1.0.3 - IR Security Glossary - Revised 03/17/2009
1.0.4 - Data Classification - Effective 07/03/2008
1.0.5 - Administrative Access and Review - Effective 04/06/2012
1.1.1 - Security Monitoring - Revised 05/14/2010
1.1.2 - Intrusion Detection - Effective 03/17/2009
1.1.3 - Malware Detection - Revised 07/08/2009
1.1.4 - Network Configuration - Revised 07/08/2009
1.1.5 - Platform Hardening - Revised 07/08/2009
1.1.6 - Incident Management - Revised 05/08/2012
1.1.7 - Peer to Peer File Sharing - Effective 04/13/2009
1.1.8 - Payment Card Industry Data Security Standard - Effective 01/29/2011
1.1.9 - Securing Public Websites - Effective 11/18/2010
1.2.1 - Password Management - Revised 10/01/2012
1.2.2 - Account Management - Revised 12/11/2012
1.2.3 - Special Access - Revised 07/08/2009
1.2.4 - Vendor Access - Revised 01/15/2013
1.2.5 - Network Access - Revised 07/08/2009
1.2.6 - Physical Access - Revised 05/22/2012
1.2.7 - Wireless Access - Revised 02/23/2009
1.2.8 - Remote Access - Revised 05/21/2012
1.2.9 - Encryption - Effective 05/25/2012
1.3.1 - Change Management - Revised 08/13/2008
1.3.2 - Backup/Data Recovery - Revised 05/23/2012
1.3.3 - System Integrity and Recovery Testing - Revised 07/28/2009
1.3.4 - Backup Retention Periods - Revised 05/23/2012
1.3.5 - System Certification and Accreditation - Effective 05/28/2012
1.4.1 - Reporting of Lost or Stolen Computing Devices/Data - Revised 07/08/2009
1.4.2 - Portable Computing - Revised 03/07/2013
1.4.3 - Education and Awareness - Effective 04/03/2011
3.0.1 - Information Technology Strategic Planning - Effective 07/28/2009
4.0.1 - Project Management - Revised 01/06/2012
 
PROCEDURES
1.1.1.2 - Content Compliance Violation Process - Effective 07/10/2006
1.1.1.3 - Confidential Data-at-Rest Discovery - Effective 12/20/2010
1.1.1.4 - STRM Event Monitoring - Effective 05/13/2010
1.1.4.1 - Firewall Management - Revised 12/01/2011
1.1.4.2 - Seizure (Confiscation) of Rogue Network Equipment - Revised 06/05/2007
1.1.1.5 - Risk Assessment Process - Revised 2/15/2013
1.1.5.1 - Platform Hardening - Revised 12/15/2003
1.1.6.1 - Incident Management - Revised 11/10/2003
1.1.6.2 - Malicious Device Response - Effective - 05/11/2012
1.1.6.3 - CIRT - Abuse Notification Resolution - Effective 05/14/2012
1.1.7.1 - Peer to Peer Configuration - Effective 04/13/2009
1.2.1.1 - Password Creation & Change - Revised 11/10/2003
1.2.3.1 - Password Escrow - Revised 04/08/2004
1.2.3.2 - Access Mgmt. and Security Process Integration - Effective 10/30/2006
1.2.7.1 - Wireless Access - Effective 06/09/2005
1.2.8.1 - EFS Encryption on Mobile Computer - Effective 12/01/2006
1.3.1.1 - Change Management - Revised 07/01/2007
1.3.2.1 - Electronic Media Degaussing and Disposal - Effective 02/28/2007
2.1.3.1 - Texas Public Information Act - Effective 05/16/2006
 
UT SYSTEM POLICIES
UTS 165 - Information Resources Use and Security Policy
 
TEXAS ADMINISTRATIVE CODE
Chapter 202 - Information Security Standards
Chapter 206 - State Web Sites
Chapter 211 - Information Resources Managers
 
OTHER POLICIES
UTMB Information Resources Security Manual
Incident Response Management - Standard Operating Procedures
 
PROPOSED POLICY AND PRACTICE STANDARDS POSTED FOR COMMENT