Texas state law requires that each state agency, including institutions of higher education, have an information security program that is approved by the head of the institution. The framework for the IT Security program can be found in the policies that define how information resources are to be protected.
The goal of the information security program is to attain compliance with State and Federal regulations, help manage risks to University information resources, minimize impacts from IT security incidents, and support the business processes and departmental missions of the University of Texas System Administration. The UT System Administration information security program has been developed to maximize the confidentiality, integrity and availability of information resources.
| Backup and Recovery | Implement robust data backup and recovery capabilities. |
| Change Management | Adopt a change management process to ensure the reliable and stable operations of information systems and networks. |
| Disaster Recovery | Develop and maintain a comprehensive disaster recovery plan which defines several possible scenarios. Test the plan. |
| Incident Management and Reporting | Incident management is needed to protect information resources and assure continued operations in the event of a security breach or incident involving University information systems, or misuse of information resources. Incident reporting is required by state law. |
| Network Architecture | The Network is designed to be resilient and is configured to take advantage of robust security features. |
| Physical Security | Maintain a variety of physical security measures to mitigate or minimize risks to facilities, equipment and information. |
| Policy and Compliance | Maintain and update internal security policies and operating procedures and institute an information security compliance monitoring program. Respond to internal IT security audits and comply with state and federal regulations. |
| Remote Access | Deploy remote access technologies to minimize risks to information resources while empowering personnel to be effective when working remotely. |
| Risk Assessment | Perform annual risk assessments of centralized information systems and provide oversight to departmental Information Security Administrators for decentralized information system risk assessments. |
| Security Monitoring | Deploy security systems to monitor usage of information systems and networks for the purpose of identifying and managing security incidents, identifying abuse of information resources, criminal investigations and regulatory compliance. |
| Security Technologies | Deploy a comprehensive set of security technologies to address various threats, both internal and external. This includes firewalls, application gateways, vulnerability scanning systems, configuration compliance and patch management systems, anti-spyware and antivirus systems. |
| Security Training | Provide an information security training program for new employees and perform annual security training for all employees. |