Currently, all documents are in PDF format. Adobe Acrobat Reader is required to view them.
Stay up to date on changes to Policies & Best Practices with the
RSS Feed
General
Information Technology Security Strategy
Exception Process
Glossary of Terms
Positions of Authority for Each Campus or Institute
Matrices
Information Technology Security Responsibilities Black & White Color
Establishes and Maintains the Standards Responsibilities
Implementation Responsibilities
Oversight Responsibilities
All Matrices
Best Practices
- Availability Planning and Best Practices:
Last Updated: August 6, 2007
This document outlines the University of Tennessee System security best practices for protecting the availability of computer systems. - Incident Response Process:
Last Updated: August 8, 2007
This Best Practice provides specific information for designing a process for each campus or institute to handle information systems security incidents or suspected information systems security incidents. - Media Sanitization:
Last Updated: August 13, 2007
This document describes guidelines for properly removing information, a process called sanitization, from University of Tennessee IT resources. - Multifunction Devices (Draft):
Last Updated: November 2, 2007
This document outlines the University of Tennessee best practices for securing Multifunction Devices. - Passwords:
Last Updated: August 13, 2007
This document describes guidelines for selecting strong passwords and protecting them from unauthorized disclosure. - Protecting Restricted Information:
Last Updated: August 13, 2007
This document outlines best practices that can be used to guard against the unauthorized disclosure or modification of restricted information. - Secure Desktop and Laptop:
Last Updated: August 7, 2007
This document outlines the University of Tennessee best practices for securing desktop and laptop resources. - Secure Network Infrastructure:
Last Updated: August 13, 2007
This document will provide recommendations on the planning, design, placement, configuration and management of core network infrastructure devices. - Secure Server:
Last Updated: November 28, 2007
This document outlines the University of Tennessee best practices for securing server resources. - All Best Practices:
Last Updated: November 28, 2007
This is a ".zip" file containing ".pdf" versions of the above best practices.
Policies
- Acceptable Use Of Information Technology Resources - Policy No.: IT0110
(Draft):
Last Updated: October 17, 2007
This document describes guidelines for using The University of Tennessee's computer and Information Technology Resources. - Information Classification - Policy No.: IT0115 (Draft):
Last Updated: August 7, 2007
This policy defines a framework for categorizing information according to the perceived risk to the university and assigns the responsibility to identify and designate the classification of the information. - Information Classification Form (Draft)
- Computer System Classification - Policy No.: IT0116 (Draft):
Last Updated: August 13, 2007
This document established the framework for categorizing computer systems according to the expected impact to university operations should the system experience an interruption of service. - Secure Network Equipment and Wiring - Policy No.: IT0120 (Draft):
Last Updated: August 7, 2007
This document describes guidelines for creation and maintenance of a secure information systems infrastructure. - All Policies:
Last Updated: October 17, 2007
This is a ".zip" file containing ".pdf" versions of the above policies.
State and Federal Laws and Regulations
Tennessee State Law for Personal Information Breach
Tennessee Computer Crimes Act
Health Insurance Portability and Accountability Act (HIPAA)
The Family Educational Rights and Privacy Act (FERPA)
The Gramm-Leach Bliley Act (GLBA)
Other Regulations
Payment Card Industry (PCI) Compliance