Charge
This committee will foster a consistent focus on security within the UT IT community, with baselines and quantifiable metrics that align with campus security policy. It will facilitate and focus a consistent approach to IT security management in the CSUs while safeguarding the core missions of the University of Texas at Austin.
Straightforward and actionable best-practice frameworks will be a cornerstone of these efforts, with phased objectives building on each other to improve UT's response to security challenges. Timelines will be established to meet objectives, with tools, training, and other support provided to meet the standards needed to secure the data and devices of the campus.
This committee will describe roles and responsibilities of the CSUs, ISO and ITS to establish clear and complementary expectations and procedures to facilitate communication and cooperation to meet the needs of faculty, staff, and students. Coordinated campus responses to threats using rapid, orchestrated, deployment of fortifications or remediations is the ultimate objective of this committee.
Scope/Boundaries
Committee responsibilities include:
- Define and promote best security practices to ensure 100% active management of the entire IT ecosystem with well prioritized, phased, and time-bound objectives.
- Develop actionable plans to meet policy requirements
- Create solutions to facilitate propagation
- Baselines will guide proactive patching and necessary remediation efforts
- Preliminary efforts will emphasize the fortification of endpoints around five key components
- Endpoint Management Consoles (e.g. SCCM and JAMF)
- Device encryption
- General Networks deployment
- Least privileged access
- Telemetry agent deployment (e.g. Nessus)
- Aggressive gap analysis with corresponding remediation will be an ongoing focus of the committee
- Milestones will be established for compliance via various reports to help direct efforts
- Data protection (both access controls and backup reliability)
- Application development and software stewardship will be addressed as needed
- Endpoint security standards will be communicated and deployed
- Collaborative efforts will be essential to success
- Frameworks for verification reporting and accountability will be established
- Roadmaps will be developed and shared consistently
- After action reports will be created and shared for process improvement and accountability
- Security initiatives within CSUs and across the campus will be promoted
- Close coordination and partnerships will be kept with key related groups (governance, new technical groups, etc) to ensure that efforts are effective and synergistic
- The Endpoint Management and Networking committees in ITLC will be key partners
- The committee will partner with the CISO to enhance compliance toolsets, protocols, and reporting
Officers
| Chair | |||
|---|---|---|---|
| Mark McFarland | Executive Director | CNS IT | markmcfarland@utexas.edu |
| Co-Chair | |||
| Bob Gloyd | IT Director | Engineering | bobgloyd@utexas.edu |
Membership
| Members | |||
|---|---|---|---|
| Ryan Baldwin | Director of IT and Facilities | Education | breakaway@austin.utexas.edu |
| Cam Beasley | CISO | UT Austin | cam@utexas.edu |
| Chris Carter | Dir Org Effectiveness | UT Libraries | ccarter@austin.utexas.edu |
| James Coombes | Director | Comp Svcs - McCombs | James.coombes@austin.utexas.edu |
| Stephanie Dussault | Associate Director of Technology Resources | TRECS | stephanie.dussault@austin.utexas.edu |
| Michael Harvey | Assistant Dean for Technology | Law | mharvey@law.utexas.edu |
| Trice Humpert | Asst VP for ITS | CIO/ITS COO Ofc. | thumpert@austin.utexas.edu |
| Emily Hurt | Deputy Chief Information Security Officer | ISO | hurt@utexas.edu |
| Rich Janes | Director of Technology Resources | TRECS | rich.janes@austin.utexas.edu |
| Sandy Jansen | Chief Audit Executive | Internal Audits | sandy.jansen@austin.utexas.edu |
| Carol Lee | Director of Strategic Initiatives | CIO/ITS COO Ofc. | clee@austin.utexas.edu |
| James Lewis | Director, Computer Support | LAITS | jlewis@austin.utexas.edu |
| John Lovelace | Director of Networking and Telecommunications and Office of Telecommunication Services | ITS Networking | jlovelace@ots.utsystem.edu |
| Melissa Medina-Razzaque | Assistant Director of Operations | Natural Sciences | melirazzaque@austin.utexas.edu |
| David Roberts | Senior Enterprise Engineer - Windows | ITS | dbroberts@austin.utexas.edu |
| Nathaniel Selman | Senior Systems Administrator | Engineering | nathaniel.selman@austin.utexas.edu |
| Jason Wang | Senior Information Technology Manager | ITS Networking | j.wang@its.utexas.edu |
| Chris Yallalee | Systems Administrator I | Education | cpryce@austin.utexas.edu |
Meeting Schedule
The Security Committee meets monthly, but given the dynamic nature of information security, the chair may seek out feedback from the group more frequently via electronic communications or impromptu meetings.