Computer Security

Originator: Chief Information Officer

Subject: Computer Security

The Associate Vice President and Chief Information Officer is responsible for ensuring the security of information maintained on computer systems in accordance with State Agency guidelines. All information maintained on UMGC computers is considered the property of UMGC. Access to UMGC computer systems is restricted to authorized users only. Access to administrative applications is determined by the owners of the institutional data, as follows:

• Financial Systems: Assistant Vice President for Finance
• Personnel and Payroll: Director, Personnel Services
• Student Information System: Associate Vice President for Student Services
• Student Accounts Receivable: Assistant Vice President for Finance
• Financial Aid System: Associate Vice President for Student Services
• Faculty/Course Information System: Dean, Undergraduate Programs Dean, Graduate School of Management and Technology
• Marketing Information System: Director, Information Services

Authorized users of computing facilities are responsible for:

1. Maintaining the security of their passwords;
2. Ensuring that floppy diskettes or other removable media containing sensitive or critical data are put into locking storage when not in use or maintained in areas that are locked when not in use;
3. Backing up critical data maintained on their microcomputers' hard disks;
4. Ensuring that only authorized software is loaded onto any UMGC computer system. Authorized PC software packages are those developed, approved, or installed by the Office of Information Technology, or those obtained from reputable vendors who guarantee their products. The use of unauthorized PC software and programs (software obtained from unauthorized computer bulletin boards, friends, other employees, etc.) is strictly forbidden;
5. Protecting UMGC computers from viruses by using authorized virus protection software and scanning disks;
6. Ensuring that software installed on UMGC computers is not copied illegally;
7. Documenting sensitive or critical PC applications developed for departmental use and used to perform UMGC business;
8. Maintaining the confidentiality of all records as required by applicable University policy, federal, state and local law.
9. Any workstation (terminal, personal computer, etc.) that is left unattended for longer than fifteen minutes is to be protected from unauthorized access by either:
   1. using a screen saver with password protection to prevent access, or
   2. logging off from all computer systems. When using a password-protected screen saver, this password is to be known only to the individual who is responsible for that workstation.