This paper was presented at CUMREC '99, The College and University Information Services Conference. It is the intellectual property of the author(s). Permission to print out copies of this paper is granted provided that the copies are not made or distributed for commercial advantage and that the title and authors of the paper appear on the copies. To copy or disseminate otherwise, or to republish in any form, print or electronic, requires written permission from the authors.


Information Technology in Higher Education:
Evolving Learning Environments

Karen Fox, Acting Director
University of Tennessee, Memphis

The easy assimilation of information technologies has become a crucial component for the success of the typical modern business. Unfortunately, institutions of higher education have been consistently reluctant to embrace new technologies that might have served to enhance both administrative operations and academic services. If institutions are to improve, perceptions of how information technology relates to the mission of higher education must be changed. The utilization of information systems must be simplified and technological applications should be relevant to the end user�s needs. Strong, charismatic leaders are essential in order to convince end users that technology adoption is for the good of the university and can aid them in their work and study. In order to develop effective strategic planning, flexible processes should be developed which set priorities according to the mission of the establishment and are able to allocate resources to accomplish a variety of objectives. In order for all of these aspirations to succeed, cultural partitions that exist between institutional factions must be bridged so that universities may act as one comprehensive unit.

The University of Tennessee Memphis
The Health Science Center
INFORMATION TECHNOLOGY

Revised Date: February 1999

UT Memphis is committed to developing and maintaining a technology infrastructure that supports its mission of teaching, research, clinical, and business and community-based activities in a manner that is unsurpassed. To accomplish and fulfill this commitment, UT Memphis has adopted a centrally supported digital network that enables an open flow of information within the University and between the University and the public. UT Memphis manages this information system through a coordinated infrastructure that decentralizes responsibility for publication and stewardship to the sources of most of the information, the academic and administrative units. Similarly computing administration and the academic and administrative units share responsibility for the hardware and software utilized by the University. Computing and Telecommunications is charged with providing the campus network, information systems and services by serving as an information utility, and by coordinating information technology development, acquisition and implementation within the framework of the institutional mission and institutional policy. Computing and network facilities and services are supported by a hybrid funding model with state funding for University-wide services and an established fee structure for specific functions and services. The UT Memphis Planning Committee addresses the allocation of computing resources.

The objective of this document is to set forth the policy and procedures by which computing is structured and utilized to support the University�s mission.

INFRASTRUCTURE

The infrastructure at UT Memphis is a switched fiber optic backbone network (hereinafter referred to as UT Memphis Network) that interconnects networks on the campus to the central computing facility and to each other. It is imperative to maintain an infrastructure sufficient to support the needs of the campus and utilize the infrastructure to the fullest, therefore:

1) Computing and Telecommunications (hereinafter referred to as C&T) will oversee maintenance and development of the infrastructure.

2) C&T is responsible for insuring that an annual review of the infrastructure is conducted by an independent, non-vendor-related firm.

3) Users must assure that adequate space and security for wiring and communications closets are available within prescribed requirements (see C&T Operational Guidelines, Criteria for Communications Closets, on the C&T Home Page).

4) C&T will assure that wiring is maintained at approved standards throughout the campus in order to provide adequate service to all users. Hence, C&T will enforce strict standards related to the level of wiring and connectivity. There can be no exception to these standards.

5) C&T will assure that demands are met for remote site access to the UT system and Internet service. C&T will fulfill this responsibility by maintaining a service agreement between the University and an appropriate vendor and by assuring that the services are provided in accordance with that agreement.

SECURITY

Security is defined as the provision of adequate safeguards against threats in order to maintain confidentiality, reliability, availability, and integrity of information resources. University information resources are vital assets which require protection. C&T is responsible for assuring the security of the network operations and applications on campus.

It is critical for faculty, students, and staff to be aware that University information resources are valuable assets and to be aware of the importance and means required to protect them. This awareness is the first line of defense in maintaining security.

� Faculty, students and staff are expected to follow security policy. The circumvention of security controls for information resources is a violation of this policy. Assisting anyone or requesting anyone to circumvent security controls also is a violation of this policy.

� All information processing areas used to house information resources supporting mission critical applications must be protected by physical controls. These must be appropriate for the size and complexity of the operations and the sensitivity of the systems operated at those locations. Physical access to these areas shall be restricted to authorized personnel. Authorized visitors are to be supervised and their entry and exit recorded in a log.

� C&T will protect the central computer resource by restricting access to authorized personnel using access locks on machine room doors; daily security audit reporting, monitoring console logs for break-in alarms; restricted access to privileged accounts based on job requirements; and, frequent password changes for privileged accounts.

� End-users housing servers will protect them by using software which provides password and virus protection, limiting physical access to authorized personnel, restricting modem connection, and allowing C&T to test security as necessary.

� Passwords for access to systems will be issued by C&T. These passwords must be changed periodically by the named owner of the account. Passwords should be changed every 90 days on all information resources used for mission critical applications. Each individual should have a unique password - passwords should not be shared.

� Information resources may be used only for University-related purposes. For University employees, information resources may be used only for work-related purposes. The Tennessee Open Records Act requires that certain records be made available for inspection on request; however the process of requesting access to such records is by submitting a request to the Office of General Counsel, 66 North Pauline, Suite 428, Memphis, TN 38163. The Open Records Act does not authorize copying or distribution of records, and it is a violation of this policy to distribute information resources or the output of information resources in any other way.

� Unauthorized use, alteration, destruction, or disclosure of information resources is a violation of University policy and a computer�related crime, punishable under the Tennessee Computer Crimes Act and federal Copyright Act which are summarized in Appendix A. It is safest to assume that activities which are unlawful in terms of printed material, such as alteration of a signature, are likewise unlawful in terms of online material. Faculty, students, and staff are responsible for knowing and adhering to these statutes.

� Internet access to the University network infrastructure will be controlled as appropriate by C&T.

� It is not the practice of the University to monitor the contents of electronic messages. However, all information on University equipment is the property of the University and the information in electronic mail and computer files may be subject to access or disclosure under certain circumstances; e.g., requests filed under the Tennessee Open Records Act, during audits, or for legal purposes.

� Network traffic will be monitored on a routine basis to identify loads to adequately size the network and to identify usage patterns.

� The end-user is responsible for securing microcomputer end-user workstations used in sensitive or critical tasks with adequate controls to provide continued confidentiality, integrity, and availability of data stored on the system. Adequate controls are defined as using password protection software and virus protection software as listed in C&T Operational Guidelines, Software Standardization, on the C&T Home Page. Also, it is the responsibility of the end user to backup the system as described in C&T Operational Guidelines, Backup Procedures, on the C&T Home Page. The security controls over the backup resources must be as stringent as the protection of the primary resources.

� Computer software purchased using any University funds is University property and users of this software should protect it as such in accordance with University Fiscal Policy Section 135, Part 01, Copyright Compliance and License Agreements. University software should not be distributed, sold, taken home for personal use, or copied unless allowed by the software license agreement.

HARDWARE AND SOFTWARE

Certain information technology standards have been adopted to insure integrated technology, efficient resource utilization, minimal redundancy, and maximum economies. C&T has developed campus standards for hardware and software that meet campus operational needs and will be supported by C&T. In order to assure effective and efficient implementation of the policy, C&T is assigned oversight responsibility for all purchases of information technology hardware and software. C&T should be contacted for consultation prior to negotiations for acquisition of information technology hardware and software including equipment, computing cycles, programming requirements, and software applications. The following is required to effectuate the policy:

1) All units should consult with C&T to develop an information technology strategy to best meet the needs of their respective units.

2) Approval by C&T is required on all external agreements such as grants, contracts, collaborations or corporate alliances which require or include information technology that interfaces with or utilizes any facet of the UT Memphis Network and Computing Facilities. C&T should be contacted for consultation prior to negotiations for such agreements.

Hardware

Hardware is defined as the physical aspect of computers, telecommunications, and other information technology. Hardware includes not only the computer monitor and processing unit but also the cables, connectors, power supply units, and peripheral devices such as the keyboard, mouse, audio speakers, and printers.

The UT Memphis campus embraces the Intel computing environment as the desktop workstation hardware of choice. For the period of time during which existing Macintosh hardware is utilized, C&T will continue to support the Macintosh hardware; however, new purchases will be Intel hardware. C&T has planned a migration by department to the Intel platform. This migration is scheduled to be completed by December 2001.

Standard Hardware. It is imperative that hardware be verifiably reliable and efficient and of good quality, therefore, computer hardware should be selected from the standard information technology hardware which is listed on the Computer Acquisition Page (see C&T Home Page). It is understood that the standard technology is not always the least expensive. Purchases of standard hardware are covered under the UT Knoxville contract and therefore the bidding process is not required, shipping and handling charges are eliminated, and a three-year maintenance is mandatory with all purchases. Standard hardware is purchased by submitting a Purchasing Requisition to the Purchasing Office.

Due to the fact that non-standard hardware may be incompatible with the network or may have other quality issues, requests for acquisition of hardware not included on the Computer Acquisition Page is discouraged and requires approval of C&T. [Editorial Note: The Computer Acquisition Page is being revised to remove Apple]

Servers. In order to be connected to the UT Memphis Network, servers must be registered with and meet security requirements of C&T. A Server Registration Form is available from the C&T Home Page. C&T will have administrator access to all servers connected to the UT Memphis Network and will audit these servers for security purposes. If security audit by C&T reveals security problems, the server will be disconnected from the network. Servers must be protected by passwords and be physically housed so that only authorized personnel have access to them.

Modems. Due to the significant risk posed to campus network security, modems must not be connected to the UT Memphis Network without approval from C&T. C&T will review each specific request and make security recommendations based on the individual case.

Software

While the value of equipment such as computer hardware is easily appreciated, the larger investment in less tangible information assets such as software, data and automated processes is critical to the overall success of computing on campus. Computer software is defined as a set of computer programs, procedures, and associated documentation concerned with the operation of a computer, computer system, or computer network.

Electronic Mail. Electronic mail is intended to be a convenient way for the faculty, staff, and students to communicate with one another as well as colleagues at other locations. In order for campus communications to flow smoothly, all users of electronic mail must have University electronic mail accounts. Electronic mail accounts are available from C&T by request to the Help Desk. Electronic mail is considered a University-wide service and is therefore supported by state funding.

Internet Access. With departmental approval, software providing access to the World Wide Web (Internet) can be obtained from the C&T. The Internet is to be used for University-related or for University-approved purposes only; use for for-profit activities or use for private or personal business is in violation of the Universitys Work Rules (see Personnel Policy 580) and can result in disciplinary action.

Standard Software. A listing of standard software for administrative and general use is available on the C&T Home Page (see C&T Operational Guidelines, Software Standardization). C&T supports this standard software and works with General Stores to stock the software at an economical price to the University. Requests for acquisition of software for administrative and general use not included in the listing requires approval of C&T. Software that is not a University standard will not be supported by C&T.

Application Software. C&T will assist areas in analyzing systems to determine whether commercial software packages will sufficiently meet computing application needs and should be purchased, or if systems should be developed in house. Existing commercial software is available to meet most needs and this software will be explored before in-house development is considered.

Development Priorities. C&T is committed to developing stateoftheart systems. C&T maintains an application development and technology support staff for the purpose of developing and supporting computing applications and resources on campus. Application requests are prioritized by Deans and Vice Chancellors within their area of responsibility. The Planning Committee is responsible for addressing the priorities campus wide and for allocation of funding and computing resources in response to needs of the campus.

Web Page Development/Ownership.

C&T maintains the UT Memphis World Wide Web Server to aid the instructional, research, and administrative activities of the campus, and to provide access to global electronic resources. The organization of this server is designed to:

1. provide information about UT to both the University community and the outside world with clarity and accuracy;

2. organize network resources for the use of UT students, faculty, staff, alumni, and others;

3. enable members of the UT community to publish their own information, within the general guidelines of the institution, in the manner they deem most appropriate.

Access To Publishing

C&T will maintain a UT Memphis home page that provides official general information concerning the institution, its organization and its policies and that provides pointers to home pages of UT Memphis units. Any officially recognized UT office, unit, project, program, area, or student organization, as well as any individual faculty, student, or staff member, may publish via the UT Memphis Network in accordance with University policies, procedures and guidelines.

UT Memphis recognizes the value and potential of personal publishing on the Internet and so allows students to produce personal Web pages. Faculty and staff personal pages are permitted when created by the individual in his/her capacity as a University employee to promote his/her role with the University and its programs. Personal pages published via the UT Memphis Network cannot be used for personal gain. The University accepts no responsibility for the contents of these pages and will not undertake to edit or preapprove these pages; but, does reserve the right to monitor such pages when published through the University servers and to remove any materials that may be disruptive, offensive to others, harmful to morale, or otherwise in violation of University policies and procedures. University Fiscal Policy Section 175, Part 01 states, "UT cannot protect users from the presence of material they may find offensive. However, such presence must not be represented nor construed as an endorsement or approval by UT."

All units or individuals desiring to publish must register their intent with C&T and be in compliance with the UT Network Publishing Guidelines available on the C&T Home Page (see C&T Operational Guidelines, UT Network Publishing Guidelines).