IT Resources and Community Questions
For information on the latest IT-related resources and questions coming in regarding the campus response to the COVID-19 situation, please visit: IT Resources Questions & Answers

Information Security

Charge

The Information Security Advisory Committee (ISAC) will provide feedback to the Chief Information Security Officer (CISO) on a variety of information security-related topics that are likely to impact university constituencies. The ISAC will not provide oversight or direction of the CISO or the UT Information Security Program.

Scope/Boundaries

Committee responsibilities include:

  • Provide feedback to the CISO on communication and notification processes associated with notable security-related changes to the university’s information technology environment
  • Serve as a trusted group for discussing more sensitive matters that fall outside the scope of routine operational remediation
  • Provide feedback to the CISO regarding any shared or published plans, roadmaps, best practices, and campus-wide remediation efforts for notable vulnerabilities and threats
  • Provide the CISO with information from their respective units or peers for planning and communication purposes to help ensure the university can proactively respond to threats while also minimizing disruption to instruction and research
  • Promote and champion security initiatives within their own CSUs and across the broader campus community

Example Functions

The ISAC will provide feedback and champion adoption of:

  • Comprehensive campus multi-factor authentication strategies
  • SPF/DMARC/DKIM implementation strategy for campus email services
  • The elimination of SMTP injection attack vectors for campus email services
  • The enforcement of policy related to the use of university-issued email accounts for faculty/staff (along with prevention of forwarding to offcampus addresses)
  • Consistent implementations of ISO Minimum Security Standards for Systems/Applications by campus units
  • Consistent hiring standards, continued education, and certifications programs for campus IT support staff
  • A strategy for implementation, use, and maintenance of additional Microsoft Office 365 security-related services (e.g., InTune, ATP)
  • A control that would use technology (e.g., DNS blackholing) to automatically block known bad IP addresses, host names and domains received from sanctioned security intelligence sources/feeds

Membership

  • Chief Information Security Officer (chair)
  • Deputy Information Security Officer (co-chair) (non-voting member)
  • 1 representative from Legal Affairs, Compliance or Internal Audit invited by the CISO
  • 1 ITS-appointed representative at the discretion of the ITS Director
  • 1 representative from the Administrative IT community invited by the CISO
  • 3 faculty or staff representatives from CSUs associated with specific risks invited by the CISO

The membership of the ISAC representatives will be reviewed for annual renewal.

ISAC Officers

Chair
Cam Beasley Chief Information Security Officer Financial and Administrative Services & Applied Research Laboratories cam@utexas.edu
Vice-Chair
Star Salzman Deputy Information Security Officer Information Security Office star@utexas.edu

ISAC Members

Members
Matt Davidson Information Technology Manager College of Natural Sciences matt.davidson@austin.utexas.edu
Jeff Graves Associate Vice President Office of the Vice President for Legal Affairs jgraves@austin.utexas.edu
William Green Director of Networking and Telecommunications ITS Networking and Telecommunications green@austin.utexas.edu
Eliel Oliveira Director, Research Data Infrastructure Dell Medical School eliel.oliveira@austin.utexas.edu
Laurie Wood Senior Systems Administrator Cockrell School of Engineering lwood@utexas.edu