Data Communications Software Implementation and Maintenance

Purpose

To define procedures for implementing and maintaining Data Communications (DC) software that will ensure integrity of data communications.

Scope

All data communications software in use at University of Houston.

Standard

Proper procedures shall be in place to ensure the integrity of the data communications software, and to ensure that no security exposure is posed by the software change control process that governs it.

Guidelines

  1. When selecting DC software, an evaluation and selection of security related options or features must be performed as part of standard procedures.
  2. If a DC software package has security weaknesses, additional security measures will be implemented to correct the security weakness.
  3. Communications software backup - Up-to-date backup of copies of all communications software will be maintained for use in the event of destruction or failure of the primary system. Storage should be on a secure off-site location.
  4. Source executable versions of the DC software must be protected by software mechanisms against unauthorized read and update access.
  5. Where DC software modifications are made to enhance capabilities (e.g., improving throughout), care must be taken that coding does not inadvertently weaken security and control.
  6. Communications hardware backup - Where practical, replacements should be available for critical communications hardware/circuitry, such as:
  7. Abnormal DC hardware, circuit, and software anomalies should be investigated to determine their cause. A permanent incident log should be maintained to detect trends that may reveal potential access penetration attempts.
  8. Automated techniques such as parity and redundancy checks should be used to help detect and correct data transmission errors.