Security Committee

Charge

This committee will foster a consistent focus on security within the UT IT community, with baselines and quantifiable metrics that align with campus security policy.  It will facilitate and focus a consistent approach to IT security management in the CSUs while safeguarding the core missions of the University of Texas at Austin.

Straightforward and actionable best-practice frameworks will be a cornerstone of these efforts, with phased objectives building on each other to improve UT's response to security challenges. Timelines will be established to meet objectives, with tools, training, and other support provided to meet the standards needed to secure the data and devices of the campus.

This committee will describe the roles and responsibilities of the CSUs, ISO, and ITS, establishing clear and complementary expectations and procedures that facilitate communication and cooperation to meet the needs of faculty, staff, and students. The ultimate objective of this committee is a coordinated campus response to threats through rapid, orchestrated deployment of fortifications or remediations.

Scope/Boundaries

Committee responsibilities include:

  • Define and promote best security practices to ensure 100% active management of the entire IT ecosystem with well-prioritized, phased, and time-bound objectives.
    • Develop actionable plans to meet policy requirements
    • Create solutions to facilitate propagation
    • Baselines will guide proactive patching and necessary remediation efforts
  • Preliminary efforts will emphasize the fortification of endpoints around five key components
    • Endpoint Management Consoles (e.g. SCCM and JAMF)
    • Device encryption
    • General Networks deployment 
    • Least privileged access
    • Telemetry agent deployment (e.g. Nessus)
  • Aggressive gap analysis with corresponding remediation will be an ongoing focus of the committee
    • Milestones will be established for compliance via various reports to help direct efforts
  • Data protection (both access controls and backup reliability)
  • Application development and software stewardship will be addressed as needed
  • Endpoint security standards will be communicated and deployed
  • Collaborative efforts will be essential to success
    • Frameworks for verification reporting and accountability will be established
    • Roadmaps will be developed and shared consistently
    • After action reports will be created and shared for process improvement and accountability
    • Security initiatives within CSUs and across the campus will be promoted 
  • Close coordination and partnerships will be kept with key related groups (governance, new technical groups, etc.) to ensure that efforts are effective and synergistic
    • The Endpoint Management and Networking committees in ITLC will be key partners 
    • The committee will partner with the CISO to enhance compliance toolsets, protocols, and reporting

Officers

Chair
Mark McFarland Executive Director CNS IT markmcfarland@utexas.edu
Co-Chair
Bob Gloyd IT Director Engineering bobgloyd@utexas.edu
Project Manager
Kate Russell Project Manager ITS KateRusell@austin.utexas.edu

Membership

Members
Cam Beasley CISO UT Austin cam@utexas.edu
Chris Carter Dir Org Effectiveness UT Libraries ccarter@austin.utexas.edu
James Coombes Director Comp Svcs - McCombs James.coombes@austin.utexas.edu
Trice Humpert Asst VP for ITS CIO/ITS COO Ofc. thumpert@austin.utexas.edu
Carol Lee Director of Strategic Initiatives CIO/ITS COO Ofc. clee@austin.utexas.edu
Roy Ruiz Director Technology Resources roy.ruiz@austin.utexas.edu
Bob Gloyd IT Director Engineering bobgloyd@utexas.edu
Ryan Baldwin Director of IT and Facilities Education breakaway@austin.utexas.edu
Wiliam Green Director, Networking and Telecommunication Services ITS green@austin.utexas.edu
James Lewis Director, Computer Support LAITS jlewis@austin.utexas.edu

Meeting Schedule

The Security Committee meets monthly, but given the dynamic nature of information security, the chair may seek out feedback from the group more frequently via electronic communications or impromptu meetings. 

 

Documents and Minutes