Policy Working Group
Charge: To recommend policies for securing the UT System research cyberinfrastructure addressing the following elements:
- Defined Information Security Governance
- Policies, Procedures, Standards and Policy Management Process
- Asset / Data Classification
- Standard Risk Assessment and Management Process
- Access Management Process
- Change Management Process
- Configuration Management Process
- Data Backup and Recovery
- Disaster Recovery Plan
- Information Security Incident Management Process
- Physical Security
- Device Use and Security
- Application Development and Acquisition
- Electronic Records Management
Policies will differ for Phase 1 (the pilot) and Phase 2 (production). (i.e. The decision was made to not allow research using PII during the pilot. However, the production system must accommodate such research.)
[Back to top]
- Provide an environment that is secure for UT faculty to conduct their research.
- Requires a sound backup strategy at all data facilities.
- Ensures protection of intellectual policy.
- Define a "trust framework" which includes an acceptable use policy and agreement so faculty can have confidence that others using the facilities are abiding by practices required to maintain the security for all.
- Establish policies that create a computing environment that complies with regulations required by granting agencies to position UT institutions for competing for such grants.
- Establish policies that allow for creation of a secure environment while not hampering research or faculty members' willingness to use the facilities.
- Influence infrastructure architecture to the extent needed to ensure:
- System reliability, data availability, integrity, and confidentiality;
- Ease of use;
- A range of services to accommodate varying needs such as:
- Storage with fast access to supercomputing needs
- Large capacity storage but without the need to access supercomputer facilities
- Encrypted storage
- Local storage
- Ease of provisioning
- Data life cycle management and deprovisioning
- Secure methods for collaborating with non-UT researchers and organizations
[Back to top]