Policy 270.30 - Computer Security

  This Replaces
File: 270.30 270.30
Date: 10/01/96 08/28/95

ORIGINATOR: Chief Information Officer

SUBJECT: Computer Security

The Associate Vice President and Chief Information Officer is responsible for ensuring the security of information maintained on computer systems in accordance with State Agency guidelines. All information maintained on UMUC computers is considered the property of UMUC. Access to UMUC computer systems is restricted to authorized users only. Access to administrative applications is determined by the owners of the institutional data, as follows:

Financial Systems:

Assistant Vice President for Finance

Personnel and Payroll:

Director, Personnel Services

Student Information System:

Associate Vice President for Student Services

Student Accounts Receivable:

Assistant Vice President for Finance

Financial Aid System:

Associate Vice President for Student Services

Faculty/Course Information System:

Dean, Undergraduate Programs Dean, Graduate School of Management and Technology

Marketing Information System:

Director, Information Services

Authorized users of computing facilities are responsible for:

  1. Maintaining the security of their passwords;
  2. Ensuring that floppy diskettes or other removable media containing sensitive or critical data are put into locking storage when not in use or maintained in areas that are locked when not in use;
  3. Backing up critical data maintained on their microcomputers' hard disks;
  4. Ensuring that only authorized software is loaded onto any UMUC computer system. Authorized PC software packages are those developed, approved, or installed by the Office of Information Technology, or those obtained from reputable vendors who guarantee their products. The use of unauthorized PC software and programs (software obtained from unauthorized computer bulletin boards, friends, other employees, etc.) is strictly forbidden;
  5. Protecting UMUC computers from viruses by using authorized virus protection software and scanning disks;
  6. Ensuring that software installed on UMUC computers is not copied illegally;
  7. Documenting sensitive or critical PC applications developed for departmental use and used to perform UMUC business;
  8. Maintaining the confidentiality of all records as required by applicable University policy, federal, state and local law.
  9. Any workstation (terminal, personal computer, etc.) that is left unattended for longer than fifteen minutes is to be protected from unauthorized access by either:
    1. using a screen saver with password protection to prevent access, or
    2. logging off from all computer systems. When using a password-protected screen saver, this password is to be known only to the individual who is responsible for that workstation.