Protection of Student Data
Students and their parents entrust universities with their personal information with the expectation that this information will be used by the universities to serve the needs of the students effectively and efficiently. The University of Texas at Arlington Office of Information Technology (OIT) appreciates the importance of protecting student personal information and is engaged in a number of initiatives in the area of data security. Student record data contained in our administrative databases is maintained strictly on UT Arlington-owned and operated computers, and experiences the same high degree of safeguarding as does all of our institutional data.
The Texas Department of Information Resources (DIR) developed Texas Administrative Code: Information Security Standards 1 TAC §202 on behalf of all state agencies. Additionally, The University of Texas System Information Resources Use & Security Policy serves as our ´Rule Book´ for IT Security matters. These are the guidelines that UT Arlington uses to protect the integrity, security, and confidentiality of data and/or information stored on University computing systems.
All security-related events impacting UT Arlington´s mission-critical Servers are logged, and Operating System privileges are carefully administered and granted to as few people as necessary to support the system. The OIT Enterprise Operations & Systems staff is authorized to manage the implementation of Identification Controls, Authentication Controls, Access Controls, and Secure Configurations and Authorized Services (e.g., Web, Email). UT Arlington´s current student information system offers layered security through a combination of in-house and vendor applications, as well as an IBM Host and Datacom-DB Database, with access restrictions based strictly on business/academic need. Enhanced security measures will be enacted when the new student information system (MyMav) is fully implemented in Summer 2006. Only authorized users will have access to sensitive data in the MyMav system, based on their assigned role. Also, the new MyMav system will run on Oracle´s 9i Relational Database, which provides industry-leading security including row-level security, fine grained auditing, and transparent data encryption. User IDs, passwords and access restrictions will only be assigned to appropriate individuals who need to access MyMav student data.
Another security initiative undertaken was to require that students, faculty and staff present proper identification in order to have their password reset when required. This policy was put in place for three reasons: (1) it had become necessary to address increasing incidents of electronic identity fraud, and (2) recent IT audits were requiring improved password security procedures. The third, and overriding reason, was the firm belief that passwords protect the security of our work and prevent unauthorized access to our accounts. All passwords granting access to UT Arlington´s administrative systems, including MyMav, are required to be changed every 70 days. The University´s FERPA Policy established training requirements for anyone who accesses student records, and the University provides training on FERPA for those individuals. Back to Top
Administrative databases containing student records are backed up nightly by OIT and backup tapes are rotated off-site for disaster recovery purposes. To further help reduce IT vulnerabilities, Disaster Recovery Team members have been engaged in updating the department´s Contingency Recovery Plan. The plan provides a blueprint for the continuation of IT critical functions in the event of disruptions, the protection of sensitive data, and the restoration of normal operations. Back to Top
A secure network provides the foundation for an overwhelming amount of the work of UT Arlington´s faculty, students, and staff. A secure network is also becoming the critical link with alumni, parents, and other constituents. OIT Campus Network and IT Security staffs have forged a strong partnership to help stem the rising tide of digital security problems through well-targeted educational/awareness efforts, streamlined remediation of compromised machines, and leading-edge network applications that provide technical barriers. Within the last two years, projects including firewalls, intrusion prevention and detection systems, vulnerability and application scanning, endpoint compliance, access control and encrypted wireless have been implemented to reduce security problems and enhance the protection and reliability of the university´s network. Back to Top