Handbook of Operating Procedures > Series 700 Information Resources > 7.3.2 Authorized Software

7.3.2 Authorized Software

A. Purpose

The purpose of this policy is to identify the rules and restrictions for installing, copying, operating software on all University of Texas at Tyler (the "University") Information Resources.

B. Persons Affected

This policy applies to all University staff.

C. Definitions

IR – Information Resources

ISO – Information Security Officer

D. Policy

The University has negotiated special pricing and licensing for a variety of software available to all students, faculty and staff. Other software is readily available in the open market place and may be requested for purchase and installation through the Information Technology department. All software has some kind of licensing agreement under which the user is subject. Some software is considered to pose a security threat to the University, and its use may be restricted.

Any software installed or copied on any University IR must be done so under the licensing agreement between:

• The software vendor or licensor and the University, or
• The software vendor or licensor and the individual user(s).

The following general categories of software are specifically prohibited on all University IR unless specifically authorized in writing by the ISO:

• Software used to compromise the security or integrity of computer networks and security controls such as hacking tools, password descramblers, network sniffers, and port scanners.
• Software that proxies/substitutes the authority of one user for another for the purpose of gaining access to systems, applications, or data illegally.
• Software which instructs or enables the user to bypass normal security controls.
• Software which instructs or enables the user to participate in any activity considered a threat to local, state or national security, including the assistance or transfer of information leading to terrorist activity or construction or possession of illegal weapons.
• Any other software specifically prohibited by the ISO.

The ISO will evaluate software upon request to identify software that is prohibited.

Enforcement

Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries, a termination of employment relations in the case of contractors or consultants, dismissal for interns and volunteers, or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of University information resource access privileges, civil, and criminal prosecution.

E. Reference(s)

Mandated by the Digital Millennium Copyright Act (DMCA)

F. Review Responsibilities and Dates

The Division Head for this Policy is the Chief Information Security Officer and this Policy shall be reviewed every two (2) years or sooner, if necessary, by the Division Head or their designee.