Section 5: Using Information Assets in Acceptable WaysAnchor: #i1020811
This section establishes how TxDOT protects its information assets from inappropriate uses to reduce risks, such as: exposures to virus attacks, compromising of network systems and services, and legal issues. As part of the Security Awareness Policy, this section lists topics to consider and behavior to avoid. Both ensure that individuals approach using technology and information assets with security considerations in mind and support the “Protect” objective of the Texas CyberSecurity Framework.Anchor: #i1020848
TxDOT will protect its information resources from unnecessary risks by monitoring activity, separating business traffic from guest traffic, limiting the devices that connect to the network, and ensuring that software and devices on its network are owned and appropriately licensed to TxDOT. Paramount to this effort is each individual’s understanding and compliance with this section. TxDOT does provide a Guest network that allows individuals access to personal information on personal devices while on TxDOT property. The Guest network is subject to the same monitoring activity to ensure TxDOT information assets are protected. Texas Government Code §2203.004 prohibits the use of state property for anything other than state use.
Individuals who have a business need to access TxDOT information must complete Form 1828A, “Information Resources Security Compliance and Confidentiality Agreement” to verify they have received the Agency’s direction on the confidentiality of its information and its acceptable uses.Anchor: #i1021219
Individuals who use TxDOT information resources must:
- use the state resources only for state business
- comply with all the security controls established by Agency policies, processes, and procedures
- report theft, loss, or unauthorized disclosure of information
- provide written acknowledgment that they will comply with this policy in the prescribed manner.
Individuals, including those with Administrative rights, who use TxDOT information resources must not:
- disable required software
- conduct illegal activities
- violate TxDOT policies
- release information assets without authorization.
Compliance and Standards
See the “Acceptable Use Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Security Awareness Policy.