• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Info For
  • Prospective Students
  • Current Students
  • Residents
  • Faculty & Staff
  • Alumni & Friends
  • Patients & Healthcare
  • Visitors & Community
  • Giving to TTUHSC
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Contact Info
  • HSC Directory
  • HSC Contacts
  • IT Contacts
• Site Maps
  • HSC Site Map
  • IT Site Map

Quick Search

IT Resources

• Information Technology
• Quick Links
  • Available Services
  • Help Desk
  • Security
  • IT Policies
  • Download Software

IT Policies

• Policies
• TTUS Board Of Regents Policies And Procedures
• Security
  • I.T. Resource Management And Responsibilities
  • Managing Physical Security
  • Disaster Recovery
  • Security Safeguards
    • Acceptable Use
    • Account Management And User Responsibilities
    • Administrator/Special Access
    • Backup/Recovery
    • Change Management
    • Email
    • Incident Management
    • Internet And Intranet Connectivity
    • Intrusion Detection
    • Network Access
    • Network Configuration
    • Password/Authentication
    • Asset Management
    • Portable Computing
    • Privacy
    • Monitoring Of I.T. Assets
    • Security Awareness And Training
    • Server Hardening
    • Authorized Software
    • Application System Development, Acquisition, And Lifecycle
    • Vendor Access
    • Viruses And Other Malicious Code
    • Wireless Access
    • Vulnerability Assessment
• Institutional Videoconferencing Systems
• Institutional Computer Naming Convention Standards
• Hardware And Software Standards
• Technology Replacement Schedule
• I.T. Procurement Review
• Intellectual Property Rights
• Copyright
  • Copyright And Computer Software
  • Infringement Of Copyrights On Computing Software
• Web Standards
  • Student Web Publishing Standards
  • TTUHSC Web Publishing Standards
  • Web Site Visual Elements Standards
  • Change Management Procedures For Official TTUHSC Web Pages/Sites
  • Information Services Coding Standards, Security, And Audit Controls
  • E-Commerce Applications
  • Web Use And Copyright Standards
  • State Of Texas Web Publishing Standards
• Disciplinary Process
• Definitions
• Guidelines For Operating Systems Security
• Federal and State Statutes
• Notice of Disclaimer of Liability

HSC Resources

• HSC Home
• Welcome to the HSC
  • Welcome to the HSC
  • TTUHSC Strategic Plan
  • News & Events
  • Fact Books
• Office of the President
• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Centers & Institutes
• Research
• Administration
  • President's Office
  • Administrative Officers
  • Communications
  • Departments
  • Center for International and Multicultural Affairs
  • Rural & Community Health
  • Finance & Administration
  • Information Technology
  • Policies, Manuals and State Reporting
  • Institutional Compliance
• Human Resources
  • Prospective Employees
  • New Employees
  • Current Employees
  • HR Offices
  • Job Opportunities
  • More...
• Libraries
  • Library Catalog
  • Databases
  • Online Books
  • Online Journals
  • Online Reserves
  • More...
• Accreditation
• News & Events
• Emergency Preparedness
• Compliance Hotline

TTUHSC IT Policies

1.1.       I.T. RESOURCE MANAGEMENT AND RESPONSIBILITIES (TAC 202.71, 202.72)

The President has designated the Institutional Information Security Officer (ISO) to review and designate ownership of information resources.  The ISO will work with the owners of information resources to develop strategies to meet their required responsibilities and ensure compliance with the associated responsibilities.  These responsibilities are to be defined, documented, and provided by the Information Security Officer. 

Owner Responsibilities – the owner or their designated representative(s) are responsible for and authorized to:

• Classify business functional information into the following categories:
  • Confidential information, as defined by TAC 202.1(3), includes:
    • Social Security numbers,
    • Credit card information,
    • Other personal financial information,
    • Student records, and
    • Patient health information.

Additional information can be found in the Attorney General of Texas’ Public Information 2006 Handbook.

• Restricted Personal information - includes social security numbers or other data protected under state or federal law (e.g., financial, medical, or student data).

  • Mission Critical Information - includes information that is essential to HSC operations.
  • Non-critical Information - includes information that is generally available to the public or has a minimum impact on HSC customers.
• Information system owners, in collaboration with the Information Security Officer or designee, shall assess a risk level based on the inherent risk with a ranking of “High”, “Medium”, or “Low”.  The criteria for each level are:
  • High Risk
    • Involve large dollar amounts, or significantly important information that would impact the operations of the HSC, or
    • Contain confidential or sensitive data, or
    • Impact a large number of people or networks.
  • Medium Risk
    • Involve a moderate or low dollar value, or
    • Information that could potentially create problems for the parties involved, or
    • Impact a moderate portion of the Institution’s customer base.
  • Low Risk
    • Generally available public information, or
    • Result in a relatively small impact for the HSC.
• Approve access and formally assign custody of an information resource asset;
• Specify data control requirements, based on risk assessment, to the custodian and user of the information resource;
• Verify the controls are in place and compliance is met; and
• Review access permissions based on security risk assessment.

Custodian Responsibilities - the custodian of information resources is responsible for:

• Implementing the controls specified by the owner(s),
• Providing physical and procedural safeguards for the resource,
• Assisting owner in evaluating the cost-effectiveness of controls and monitoring, and
• Implementing the monitoring techniques and procedures for detecting, reporting, and investigating incidents.

User Responsibilities - the user of the information resources is responsible for:

• Using the resources only for the designed purpose, and
• Complying with the controls specified by the owner(s).

See Section 1.4.1 for further responsibilities.       

Managing Security Risks

A security risk analysis of information resources shall be performed and documented.  Annual risk assessments will be conducted on information resources classified as high risk.  Biennial risk assessments will be conducted on information resources classified as medium or low risk.  Security risk assessment results, vulnerability reports and other security analysis information shall be presented to the President of the HSC or their designated representative(s).  The President of the HSC or designated representative(s) shall make the final security risk management decisions to either accept the risks or to modify the security and controls for the information resources based on its value and sensitivity.  The President of the HSC or their designated representative(s) must approve the final security risk management plan.

Texas Tech University Health Sciences Center, 3601 4th Street, Lubbock, TX 79430
806.743.1000
it.webmaster@ttuhsc.edu

Campus Webmasters | Recommended Web Site Viewing Requirements | General Policy Information

State of Texas Web Site | SAO Fraud Reporting | DMCA Compliance | Texas Homeland Security | TTUHSC Energy Conservation Report

TTUHSC Home | Texas Tech University System | Texas Tech University

©2009 Texas Tech University Health Sciences Center | All Rights Reserved