Information Security
- Policies and Standards
- Information Security Home
- Information Security Program
- Knowledge Base / FAQ
- Forms Library
- InfoSec Administrators
- Report an Incident
- Report Data Loss / Theft
- Policies and Standards
- Statistics
- Virus Information
- Security Links
- Security Staff
- Security Council Minutes
- High Risk Security Council
- ISA Council
Contact Us



       Office of Information Security

        301 University Blvd

        Suite 400

        Galveston, TX 77555-0113

        Phone: 409-772-3838

        Email: iso@utmb.edu

POLICIES AND PRACTICE STANDARDS

Information Services policies and practice standards are published under the authority of the UTMB presidents council, and are maintained and up-dated by the I. S. security department. Any comments and/or recommendations should be directed to the Information Security Officer at iso@utmb.edu

POLICIES

2.19.6 - Information Resource Security - Revised 12/21/2007

2.19.9 - Software in Compliance with Copyright Laws - Revised 06/26/2002

PRACTICE STANDARDS

1.0.1 - IR Security Policy Approval Standards - Revised 08/31/2005

1.0.2 - IR Security Practice Standards Approval Process - Revised 08/31/2005

1.0.3 - IR Security Glossary - Revised 03/17/2009

1.0.4 - Data Classification - Effective 07/03/2008

1.1.1 - Security Monitoring - Revised 08/05/2009

1.1.2 - Intrusion Detection - Effective 03/17/2009

1.1.3 - Malware Detection - Revised 07/08/2009

1.1.4 - Network Configuration - Revised 07/08/2009

1.1.5 - Platform Hardening - Revised 07/08/2009

1.1.6 - Incident Management - Revised 07/08/2009

1.1.7 - Peer to Peer File Sharing - Effective 04/13/2009

1.2.1 - Password Management - Revised 07/08/2009

1.2.2 - Account Management - Revised 07/08/2009

1.2.3 - Special Access - Revised 07/08/2009

1.2.4 - Vendor Access - Revised 07/08/2009

1.2.5 - Network Access - Revised 07/08/2009

1.2.6 - Physical Access - Revised 07/08/2009

1.2.7 - Wireless Access - Revised 02/23/2009

1.2.8 - Remote Access - Revised 07/30/2009

1.2.9 - Encryption - Effective 02/28/2009

1.3.1 - Change Management - Revised 08/13/2008

1.3.2 - Backup/Data Recovery - Revised 08/31/2005

1.3.3 - System Integrity and Recovery Testing - Revised 07/28/2009

1.3.4 - Backup Retention Periods - Effective 8/14/2009

1.4.1 - Reporting of Lost or Stolen Computing Devices/Data - Revised 07/08/2009

1.4.2 - Portable Computing - Revised 08/08/2008

3.0.1 - Information Technology Strategic Planning - Effective 07/28/2009

PROCEDURES

1.1.1.2 - Content Compliance Violation Process - Effective 07/10/2006

1.1.4.1 - Firewall Management - Revised 05/19/2005

1.1.4.2 - Seizure (Confiscation) of Rogue Network Equipment - Revised 06/05/2007

1.1.5.1 - Platform Hardening - Revised 12/15/2003

1.1.6.1 - Incident Management - Revised 11/10/2003

1.1.6.2 - Malicious Device Response - Effective - 12/20/07

1.1.6.3 - CIRT - Abuse Notification Resolution - Effective 12/20/07

1.1.7.1 - Peer to Peer Configuration - Effective 04/13/2009

1.2.1.1 - Password Creation & Change - Revised 11/10/2003

1.2.3.1 - Password Escrow - Revised 04/08/2004

1.2.3.2 - Access Mgmt. and Security Process Integration - Effective 10/30/2006

1.2.7.1 - Wireless Access - Effective 06/09/2005

1.2.8.1 - EFS Encryption on Mobile Computer - Effective 12/01/2006

1.3.1.1 - Change Management - Revised 07/01/2007

1.3.2.1 - Electronic Media Degaussing and Disposal - Effective 02/28/2007

2.1.3.1 - Texas Public Information Act - Effective 05/16/2006

UT SYSTEM POLICIES

UTS 165 - Information Resources Use and Security Policy

TEXAS ADMINISTRATIVE CODE

Chapter 202 - Information Security Standards

Chapter 206 - State Web Sites

Chapter 211 - Information Resources Managers

OTHER POLICIES

UTMB Information Resources Security Manual

PROPOSED POLICY AND PRACTICE STANDARDS POSTED FOR COMMENT