Administrative Regulations Home
Recording of Class Lectures by Students
Quiet Hours and No Loitering
Purchasing
Procurement Card (P-Card)
Printing Guidelines
Payment of Medical Care Costs for Student Athletes
Parking and Traffic Regulations
Outside Employment
Excused Absences for Students Called To Active Military Service
Blinn Announcement (Mass Email) Guidelines
Building Access Key and Card Regulation
Institutional Scholarships/Pell Grant Award Coordination
Information Resources Acceptable Use, Security and Copyright Infringement
Incivility Protocol
Hiring Manager’s Guide For Faculty and Staff
Graduation
General Educational Development Test Administration
Flexible Work Schedules
Financial Support for Student Organizations
Final Course Grade Appeal
Faculty Workload, Teaching Load, and Office Hours
Faculty Professional Development
Unearned Tuition Assistance Funds
Facility Naming Rights
Externally Funded Grants and Contracts
Expulsion of Students from Class
Expressive Activities on Campus by Students and Employees
Employee Progressive Discipline
Employee Performance Evaluations
Assistance Animals - Emotional Support Animals
Cell Phone Allowances
Emergency Response Plan
Employee Book Voucher
Emergency Procedures Manual
Athletic Department Drug Testing
Drug and Alcohol Prevention Program (DAAPP)
Disposal of Property
Display Screen Guidelines
Discretionary Time
Direct Deposit, Payroll
Capital Asset Guidelines
Campus Security Authorities
Campus Carry
Information Systems and Services
Information Systems and Information Integrity
Information Systems and Communications Protection
Information Systems Supply Chain Risk Management
Information Systems Security Planning
Administrative Organization Plan - Councils and Committees
Information Systems Security Assessment and Authorization
Information Systems Risk Assessment
Prohibited Technologies and Covered Applications
Information Systems Media Protection
Information Systems Maintenance
Information Systems Security Program
Information Resources Acceptable Use, Security and Copyright Infringement
Information Systems Incident Response
Information Systems Identification and Authentication
Information Access Control
Photo Identification (ID) Card
Faculty Credentialing Procedures
Blinn Alert Notification
Student Code of Conduct
Approved Vendors for Apparel and Promotional Items
Alternate Work Location
Admission Requirements and Registration Eligibility
Web Accessibility
Board Policy/Administrative Regulations Development and Approval
Quarantine Leave for Certain Law Enforcement and EMS Personnel
Outdoor Intramural Spaces Guidelines
Name, Image, and Likeness
Indoor Tabling Guidelines
Hazing Prevention
Credit by Examination, Prior Learning Assessment, Awarding Credit
Additional Education During Term of Employment
Post Accident Drug and Alcohol Testing
Personal Leave
Prohibition Against Inducements, Commission and High-Pressure Recruitment Tactics for Service Members
Continuity of Operations Plans
Employee Complaints
Community Users of the Blinn College Library
College District Closures
College District Brand Guidelines
College Catalog Policy
Information Systems Physical and Environmental Protection
Information Systems Personnel Security
Information Systems Contingency Planning
Information Systems Configuration Management
Information Systems Awareness and Training
Information Systems Audit and Accountability
Awarding Incomplete Grades
Athletic Awards Criteria
Assessment of Instructional Programs and Courses
Board Policy CS - Information Systems

Administrative Regulations Home Recording of Class Lectures by Students Quiet Hours and No Loitering Purchasing Procurement Card (P-Card) Printing Guidelines Payment of Medical Care Costs for Student Athletes Parking and Traffic Regulations Outside Employment Excused Absences for Students Called To Active Military Service Blinn Announcement (Mass Email) Guidelines Building Access Key and Card Regulation Institutional Scholarships/Pell Grant Award Coordination Information Resources Acceptable Use, Security and Copyright Infringement Incivility Protocol Hiring Manager’s Guide For Faculty and Staff Graduation General Educational Development Test Administration Flexible Work Schedules Financial Support for Student Organizations Final Course Grade Appeal Faculty Workload, Teaching Load, and Office Hours Faculty Professional Development Unearned Tuition Assistance Funds Facility Naming Rights Externally Funded Grants and Contracts Expulsion of Students from Class Expressive Activities on Campus by Students and Employees Employee Progressive Discipline Employee Performance Evaluations Assistance Animals - Emotional Support Animals Cell Phone Allowances Emergency Response Plan Employee Book Voucher Emergency Procedures Manual Athletic Department Drug Testing Drug and Alcohol Prevention Program (DAAPP) Disposal of Property Display Screen Guidelines Discretionary Time Direct Deposit, Payroll Capital Asset Guidelines Campus Security Authorities Campus Carry Information Systems and Services Information Systems and Information Integrity Information Systems and Communications Protection Information Systems Supply Chain Risk Management Information Systems Security Planning Administrative Organization Plan - Councils and Committees Information Systems Security Assessment and Authorization Information Systems Risk Assessment Prohibited Technologies and Covered Applications Information Systems Media Protection Information Systems Maintenance Information Systems Security Program Information Resources Acceptable Use, Security and Copyright Infringement Information Systems Incident Response Information Systems Identification and Authentication Information Access Control Photo Identification (ID) Card Faculty Credentialing Procedures Blinn Alert Notification Student Code of Conduct Approved Vendors for Apparel and Promotional Items Alternate Work Location Admission Requirements and Registration Eligibility Web Accessibility Board Policy/Administrative Regulations Development and Approval Quarantine Leave for Certain Law Enforcement and EMS Personnel Outdoor Intramural Spaces Guidelines Name, Image, and Likeness Indoor Tabling Guidelines Hazing Prevention Credit by Examination, Prior Learning Assessment, Awarding Credit Additional Education During Term of Employment Post Accident Drug and Alcohol Testing Personal Leave Prohibition Against Inducements, Commission and High-Pressure Recruitment Tactics for Service Members Continuity of Operations Plans Employee Complaints Community Users of the Blinn College Library College District Closures College District Brand Guidelines College Catalog Policy Information Systems Physical and Environmental Protection Information Systems Personnel Security Information Systems Contingency Planning Information Systems Configuration Management Information Systems Awareness and Training Information Systems Audit and Accountability Awarding Incomplete Grades Athletic Awards Criteria Assessment of Instructional Programs and Courses Board Policy CS - Information Systems

Information Systems and Information Integrity

BLINN COLLEGE ADMINISTRATIVE REGULATIONS MANUAL

SUBJECT: Information Systems and Information Integrity

EFFECTIVE DATE: March 1, 2020; amended September 19, 2023

BOARD POLICY REFERENCE: CS

PURPOSE

Develop policies and procedures for system and information integrity.

PROCESS

System and Information Integrity Policy and Procedures (SI-01)

The College District

Develops, documents, and disseminates to information system owners and custodians:
1. A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
2. Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and
Reviews and updates the current:
1. System and information integrity policy biennially; and
2. System and information integrity procedures annually.

System and Information Integrity Policy

Flaw Remediation (SI-02)

The College District

Identifies, reports, and corrects information system flaws;
Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;
Installs security-relevant software and firmware updates by the established standards for each type of system of the release of the updates; and
Software and update standards are developed in cooperation with the information system owners, information custodians and CISO based on risk mitigation analysis. (CM-01)
Incorporates flaw remediation into the organizational configuration management process. (CM-03)

Malicious Code Protection (SI-03)

The College District

Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;
Updates malicious code protection mechanisms whenever new releases are available in accordance with College District configuration management policy and procedures;
Configures malicious code protection mechanisms to:
1. Perform periodic scans of the information system weekly at minimum and real-time scans of files from external sources at endpoint; network entry/exit points as the files are downloaded, opened, or executed in accordance with College District security policy; and
2. Block malicious code; quarantine malicious code; send alert to administrator; in response to malicious code detection; and
Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system per incident response plan (IR-08).

Information System Monitoring (SI-04)

The College District

Monitors the information system to detect:
1. Attacks and indicators of potential attacks in accordance with the information security plan; and
2. Unauthorized local, network, and remote connections;
Identifies unauthorized use of the information system through information security plan;
Deploys monitoring devices:
1. strategically within the information system to collect organization-determined essential information; and
2. at ad hoc locations within the system to track specific types of transactions of interest to the organization;
Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;
Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations the Nation based on law enforcement information, intelligence information, or other credible sources of information;
Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and
Provides information security assessment data to information system owners and custodians annually or as needed.

Security Alerts, Advisories and Directives (SI-05)

The College District

The CISO and designees receives information system security alerts, advisories, and directives from internal and external sources as defined in the information security plan on an ongoing basis;
Generates internal security alerts, advisories, and directives as deemed necessary;
Disseminates security alerts, advisories, and directives to information system owners, custodians and users; and
Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Information Input Validation (SI-10)

Check the validity of the information input using lookup tables when available.

Information Management and Retention (SI-12)

The College District handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.