Information Security Awareness & Guidelines

Computer Accounts & Passwords

"Upon receiving permission to access TAMU System component networks, systems and related databases, I acknowledge my responsibility for strictly adhering to the Texas A&M University System Policy and Regulations, as well as State and Federal regulations. I understand that I will be subject to disciplinary action and criminal prosecution to the full extent of the law (Chapter 33, Title 7 of the Texas Penal Code), if I gain or help others gain unauthorized access to these services. I agree that I shall not attempt to circumvent the computer security system by using or attempting to use any unauthorized information or transactions. I acknowledge that neither I nor anyone else possesses the authority to allow anyone to use my user-id or my password."


Your login ID and password are the first line of defense against unauthorized access and consequently to the safety of valuable data. Please protect them carefully. Don't leave them lying around or on a sticky-note in your office. The bad guys know all the hiding places. You don't want to explain how your ID and password were used to break into University systems! Make your passwords strong by keeping them at least eight characters long, mixing in numbers and capitals, and by avoiding using common English words. Hackers use dictionary files to break passwords - make it as hard on them as you can! AERO domain passwords have the following rules.

  • Must Not contain all or part of the user's account name
  • Be at least six characters in length
  • Contain characters from three of the following four categories:
    • English uppercase characters (A through Z)
    • English lowercase characters (a through z)
    • Base 10 digits (0 through 9)
    • Non-alphanumeric characters (e.g., !, $, #, %)

Computer Account Acceptable Use - what not to do!

  • Do not attempt to access any data or programs contained on TEES or TAMU systems for which your account is not authorized.
  • Do not share your TEES or TAMU information resources account(s), passwords, Personal Identification Numbers (PIN), or similar information or devices used for identification and authorization purposes.
  • Do not create, possess or facilitate the creation of unauthorized copies of copyrighted software.
  • Do not purposely engage in activity that may: harass, threaten or abuse others; degrade the performance of information resources; deprive an authorized user access to TEES or TAMU' resources; circumvent the Agency's computer security measures.
  • Do not intentionally access, create, store or transmit material which TEES or TAMU may deem to be offensive, indecent or obscene (other than in the course of academic research where this aspect of the research has the explicit approval of the official processes for dealing with academic ethical issues).
  • Users shall not otherwise engage in acts against the information technology aims and purposes ofTEES as specified in its governing documents or in rules, regulations and procedures adopted from time to time.
  • All files and documents, including personal files, stored on state computing equipment are subject to open records requests, and may be accessed according to this procedure.
  • Storage of personal e-mail, files and documents on state computer equipment shall be nominal.

Physical Security

When you leave your computer unattended to go to the restroom or lunch, lock the computer by typing CTRL-ALT-DELETE and clicking on the Lock Computer button. This will require your password to log back into the computer and prevent unauthorized people from using your computer while you are away from your desk. Be especially carefully when traveling with a notebook computer. It is a very tempting target of thieves and in addition, your passwords and login IDs may be compromised.

TEES research stored on Notebook computers shall be encrypted for further protection.

Public Places

Be careful what you say in public places. Information you divulge there can be used to help a hacker obtain illegal access to the University network. If you are on a plane and using a notebook computer, think about what would happen if the information on your screen was seen by the wrong person.

Home Computers and Networks

Dialup and broadband networks like cable and DSL connections from home to the University, are just like having your home computer directly connected to the University network. If you home computer becomes compromised, you can be the source of infection for office computers as well. Therefore, there are certain precautions you should take. Home computers used to access University networks should be protected by anti-virus software. This software should be kept up-to-date. Anti-virus software with old data files no longer protects the computer and gives a false sense of security. Keep you home systems safer by using security update sites like Microsoft's Windows Update site ( and making sure you system has all of the critical updates installed.


Email provided by the University System is intended for the purpose of facilitating your work as an employee. It is illegal to use email services provided by the State of Texas for private business purposes. Incidental, non-profit use is acceptable.

Users shall not use email for purposes of political lobbying or campaigning. They shall not intentionally send or forward chain letters or files that contain computer viruses.

Email carries its own security problems. You are very likely to receive email that is crafted to get you to something to reveal sensitive information, to entice you to buy a product or to get you to delete files off your computer that are part of the operating system. Scams, such as sending you information that your credit card is going to be charged for a purchase you did not make, in the hope of enticing you to send them you credit card number and expiration date, are increasingly common. Never give credit card numbers to anyone via email. SPAM (commercial unsolicited email) is very common. Our experience is to just delete it and never respond to it. Doing so just verifies your address as being valid and thus become more valuable to those who sell email lists. Hoaxes are very common and can often be destructive. These emails typically start with a claim the there is a new virus threat that Norton and MacAfee anti-virus software won't catch and that it is the worst computer virus ever created and other hyperbole. It then usually instructs you to delete a file off your computer that is a sure sign it is infected. Of course, very rarely is this actually true. If you receive such a message, don't pass it on to anyone except your computer administrator. He or she will advise you as to its authenticity.

Human Engineering

It is a common attack method to call someone the phone and attempt to get them to reveal their password by claiming to be from the computer help desk or some security authority and claiming to be investigating a security violation. Never reveal your password to anyone and report any such attempts to your Network Administrator.

Using State Property for Personal Gain

It is not permissible to use the computer systems and/or software belonging to the State or Texas for personal gain. You may not use these resources for consulting or other profit making enterprises.

Removal of TEES Software upon Termination

Any TAMU/TEES software installed on home machines as a part of your employment should be removed from your computer upon your leaving employment with TAMU/TEES. The software is the property of TAMU or TEES and may not be used after termination unless otherwise specified by the terms of the software license.

Security Violations

If you notice any weaknesses in TAMU/TEES computer security or you are aware of any incidents or violation of the information security you are required to report that finding to your IT Security management.

Internet/Intranet Use

Software for browsing the Internet/Intranet is provided to authorized users for business and research use only. This software must incorporate all vendor provided security patches. All files downloaded from the Internet must be scanned for viruses using current virus detection software. No offensive or harassing material or personal commercial advertising may be made available via TAMU/TEES Web sites. No files or documents may be sent or received that may cause legal liability for, or embarrassment to TAMU/TEES. Incidental Personal Use of Internet Access is restricted to TAMU/TEES  approved users; it does not extend to family members or other acquaintances. Incidental use must not result in direct costs to TAMU/TEES. Incidental use must not interfere with the normal performance of an employee's work duties.

  • All sensitive TAMU/TEES material transmitted over external network shall be encrypted.
  • All user activity on TAMU/TEES information resources assets is subject to logging and review.

Portable Computing

Portable computing devices are becoming increasingly powerful and affordable. Their small size and functionality are making these devices ever more desirable to replace traditional desktop devices in a wide number of applications. However, the portability offered by these devices may increase the security exposure to groups using the devices

  • Access Protection - Portable computing devices shall be protected from unauthorized access by passwords or other means where possible.
  • Encryption of Sensitive Data - All sensitive data stored on portable computing devices shall be encrypted using approved encryption techniques.

Malicious Code Protection

You will not disable or bypass software safeguarding information resources against malicious code. These applications are designed to ensure your machine does not get infected with computer virus, worms, spyware, etc.


Obtain your security awareness code