Features
The University of Tennessee System Administration (UTSA) seeks to provide a secure environment for electronic communications, storage, and processing. The University of Tennessee Strategic Plan states “The Strategic Plan also distinguishes and leverages the UT System’s comprehensive portfolio and its educational, research and outreach assets geared to the diversity of the state through campuses and institutes. All focused on a “best-in-class” university system, these multiple components produce considerable benefits for Tennesseans.” A sound, comprehensive, and active IT security program for UTSA personnel and associated systems and services will enhance and ensure the University’s abilities to meet these goals.
The security program (ITSP) is built on multiple foundational elements from NIST. The first is the NIST Cybersecurity Framework. The Framework identifies and defines the following core cybersecurity functions:
- Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
- Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.
- Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
- Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Foundational to the IT Security Program is Risk Management, a continuous process that is essential to any IT security program. UTSA will evaluate risks from a user, system, and departmental perspective. The Information Security Office will lead yearly risk assessments and work with the users, information owners, system owners, and departments on an ongoing basis to evaluate and mitigate risk.
If you are interested in discussing any of these subjects and/or need additional information on any of the ITS services listed below, please fill out a ticket and a member of the Information Security Office will respond to you.
IT Security
- IT Risk Management – Risk Management is a continuous process that is essential to any IT security program. The UTSA ISO leads the program to evaluate risks from a user, system, and departmental perspective. The ISO leads yearly risk assessments and works with the users, information owners, system owners, and departments on an ongoing basis to evaluate and mitigate risk.
- PCI Compliance – Payment Card Industry (PCI) compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. PCI standards for compliance are developed and managed by the PCI Security Standards Council; the compliance assessment is performed on an annual basis with the UT System Treasury Department and UT System Cyber Security.
- Vulnerability Assessment
- Incident Response and Recovery – The UTSA ISO investigates information security events and manages information security incident handling for UTSA. This includes evaluation of events and making the final determination on incident handling.
- System Hardening – The UTSA ISO leads the efforts to strengthen the IT security posture of UTSA endpoints including laptops and desktops. These efforts include managing the ManageEngine instances for UTSA and performing onsite visits to validate endpoint security.
- IT Security Training and Consulting – The UTSA ISO provides information security consulting and guidance on security best practices for UTSA. This may involve special applications support, review of traffic, review of stored information, or access restriction options. The UTSA ISO implements and manages an information security awareness program with the goal of raising the level of security awareness, understanding, and compliance for all UTSA employees.
- Compliance – The UTSA ISO leads the compliance efforts for UTSA as they relate to federal and state laws on IT security. The compliance areas include Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and the European Union General Data Protection Regulation (GDPR).