MSC Information Resources
Security Policy Overview
MSC Computer Operations
Texas A&M University
The Memorial Student Center in its efforts to develop high quality programs
and services for its constituents manages a variety of information that
may be considered sensitive and must be accurate and complete. Many staff
and students contribute to the information base and have access to it. Because
of the potential for abuse, a variety of controls have been implemented
to ensure the validity and proper handling of MSC information resources.
Many of these controls are required and enforced through Texas A&M University,
the State of Texas and federal laws. Although MSC Computer Operations is
charged with implementing and monitoring security controls, each individual
in the MSC shares responsibility for ensuring authorized use of these resources.
Proper Use
Unless otherwise designated by a particular funding source, the MSC computer
resources are to be used for MSC operations and functions consistent with
the mission of the MSC. These operations include administrative functions,
customer service activities, program marketing and management, and student
development opportunities. However, because of limited resources, usage
consistent with the MSC mission but not directly related to MSC operations
is not to preclude the availability of resources for priority tasks. Under
no circumstances are the resources to be used for personal gain.
Passwords
The primary key to maintaining adequate information and systems security
is the use of well-selected and guarded user passwords. See the document
Selecting a Good Password for suggestions
on safeguarding your computer account. Your password to a personal account
is to be known only to you. Never share your password with someone else.
In order to provide individual accountability, personal accounts are used.
Where there is a need to share access to information, either a group account
is implemented or different accounts are given common access to the shared
data. Unauthorized access is a violation of law.
Violations
All actual or suspected violations of security and risk management policies
are to be reported to the MSC Computer Operations manager. This person will
immediately determine and implement procedures necessary to verify alleged
violations and to minimize further risk. A procedure has been developed
to ensure appropriate confidential handling of all cases without jeopardizing
the rights or reputation of anyone suspected in error. If a report cannot
be verified, MSC Computer Operations will determine the potential risk and
may require additional procedures to be implemented such as having an authorized
user change their password or having an administrator implement additional
security monitoring controls.
Penalties
Unauthorized use of Texas A&M computers or unauthorized access to
stored data, or dissemination of passwords or other confidential information
to gain access to a computer system or data is in violation of criminal
law. (Computer Crimes,
Section 33.01, Texas Penal Code) and can be a Class B or Class A Misdemeanor
or a Felony of the third degree. Alteration, destruction, or false entry
of data that impairs its validity, legibility or availability of any record
maintained by Texas A&M is a violation of Tampering with Governmental
Record (Section 37.10, Texas Penal Code)--a Class A Misdemeanor.
Regardless of the purpose or intent of the unauthorized access, it is the
policy of Texas A&M
University to recommend the filing of appropriate charges in the Criminal
Justice System for all such violations.
By state law all personnel are required to provide written
acknowledgment that they have received, read and understand the security
policies and procedures. It is the policy of the Memorial Student Center
that this requirement be fulfilled before any authorized access is provided.
Additionally, state law provides for this acknowledgement to be renewed
periodically.
| 
