The purpose of this policy is to ensure information resources and services promote the basic mission of the University. Sam Houston State University (SHSU) established information resources and services for the use and benefit in its conduct of academic, business, and other official operations.
This article outlines the policy around computer account management.
This policy establishes guidelines and requirements for creating and managing passwords within Sam Houston State University (SHSU) information resources to help protect sensitive information, prevent unauthorized access, and reduce the risk of data breaches or malicious activities.
This policy covers what is acceptable use of university information resources.
The policy aims to protect Sam Houston State University's (SHSU) information resources by restricting remote access. It allows eligible SHSU users to securely access the university’s network via VPN from a remote location.
This policy outlines responsibilities of information owners, information custodians, and information security officers for standards, integrity and security of SHSU operational data.
This policy explains how to classify data into the three categories: confidential, protected, and public.
This policy outlines the process and requirements for dealing with a cybersecurity incident such as malware, ransomeware, or improper use of an information system.
The purpose of the System Development & Acquisition Policy is to ensure that security is an integral part of Sam Houston State University (SHSU and/or University) system planning and management, and the business processes associated with those systems.
This policy outlines the encryption requirements for confidential data in compliance with state and federal statutes.
This policy covers outlines the process of backup and restoral of data for data loss prevention and disaster recovery.
This policy outlines requirements to assure the reliability, security, integrity, and availability of the telecommunications network infrastructure.
The purpose of the Security Awareness and Training Policy is to describe the requirements that ensure each user of SHSU information resources receives adequate training on technology security concepts and issues.
The purpose of this policy is to establish the framework to protect Sam Houston State University (SHSU) servers against unauthorized access, disclosure, modification, or destruction and to assure the availability, integrity, authenticity, and confidentiality of information.
Technical support staff will properly sanitize information resources prior to transfer, sale, or disposal. It is imperative that all devices capable of storing SHSU information be sanitized in a way that will make data recovery impossible.
Non-disclosure agreements are contracts intended to protect information considered to be sensitive or confidential. Information resources shall be used only for intended purposes as defined by Sam Houston State University (SHSU) and in compliance with applicable laws.
IT risk assessments are designed to assess the security posture of a system or application with the purpose of management’s awareness of the major security risks in the Sam Houston State University (SHSU) infrastructure and recommend mitigation plans of these risks.
The purpose of this policy is to provide a set of measures that will mitigate information security risks associated with IT Administrators/Special Access.
The purpose of the Authorized Software Policy is to provide a set of measures that will mitigate information security risks associated with authorized software.
SHSU electronic communication services support the educational and administrative activities of the University and serve as a means of official communication by and between users and SHSU. The purpose of this policy is to ensure that these critical services remain available and reliable, and are used for purposes appropriate to the University’s mission.
The purpose of this policy is to protect Sam Houston State University’s (SHSU) information resources by implementing boundary protections to restrict network access to and from these resources.
The purpose of the Identification/Authentication Policy is to ensure the security and integrity of Sam Houston State University (SHSU) data and information resources by employing controls for securing user identification and authentication credentials. SHSU uses the three (3) basic authentication methods: something you know (i.e., a password), something you have (i.e., smart card, smart phone, hardware token, or ID), and something you are (i.e., fingerprint or other biometrics).
The purpose of the Intrusion Detection/Prevention and Security Monitoring Policy is to outline university policy regarding the monitoring, logging and retention of network packets that traverse SHSU networks, as well as observe events to identify problems with security policies, document existing threats and evaluate/prevent attacks.
This policy is intended to provide information to university information resource administrators and users to improve the resistance to, detection of, and recovery from the effects of malicious code.
This policy is intended to establish standards for securing IT data centers, network closets and protected IT facilities on Sam Houston State University (SHSU) premises. Effective implementation of this policy will minimize unauthorized access to these locations, provide more effective auditing of physical access controls, and ensure environmental threats to IT data centers are monitored and remediated in a timely manner.
To maintain the confidentiality, integrity, and availability of information resources at SHSU, the Portable Computing Policy establishes requirements for safeguarding portable devices.
The purpose of the Privacy Policy is to clearly communicate privacy expectations to SHSU information technology resource users.
The purpose of this policy is to define standards for connecting to SHSU information technology resources. These standards are designed to minimize the potential exposure to SHSU from damages which may result from unauthorized use of SHSU information technology resources.
The purpose of the Application Security Policy is to avoid inadvertent release of confidential or sensitive information, minimize risks to users and the University, and ensure the availability of critical applications
This document establishes specific minimum requirements for information that must be supplied to the Sam Houston State University Information Security Officer. (See Texas Government Code Title 10, Subtitle B, Chapter 2054, Subchapter A, Section 517).
Sam Houston State University (SHSU), a HIPAA Hybrid Entity, and its Health Care Components (HCCs) are accountable to the Department of Health and Human Services and to individuals for the proper safeguarding of the private information entrusted to their care. To enable HCCs in accordance with 45 C.F.R. § 164.400 et seq. to comply with applicable state and federal laws and regulations governing notice to affected individuals in the event of a breach of patient privacy.
Sam Houston State University (SHSU) is committed to making its website and other electronic and information resources accessible to all users, including persons with disabilities. The purpose of the Electronic and Information Resources Accessibility Policy is to ensure University compliance with accessibility standards set forth in Texas Government Code § 2054.451, et. seq., Title 1 Texas Administrative Code (TAC) Chapters 206 and 213, and related state and federal law.