Security Committee

Charge

This committee will foster a consistent focus on security within the UT IT community, with baselines and quantifiable metrics that align with campus security policy.  It will facilitate and focus a consistent approach to IT security management in the CSUs while safeguarding the core missions of the University of Texas at Austin.

Straightforward and actionable best-practice frameworks will be a cornerstone of these efforts, with phased objectives building on each other to improve UT's response to security challenges. Timelines will be established to meet objectives, with tools, training, and other support provided to meet the standards needed to secure the data and devices of the campus.

This committee will describe roles and responsibilities of the CSUs, ISO and ITS to establish clear and complementary expectations and procedures to facilitate communication and cooperation to meet the needs of faculty, staff, and students.  Coordinated campus responses to threats using rapid, orchestrated, deployment of fortifications or remediations is the ultimate objective of this committee.

Scope/Boundaries

Committee responsibilities include:

• Define and promote best security practices to ensure 100% active management of the entire IT ecosystem with well prioritized, phased, and time-bound objectives.
  • Develop actionable plans to meet policy requirements
  • Create solutions to facilitate propagation
  • Baselines will guide proactive patching and necessary remediation efforts
• Preliminary efforts will emphasize the fortification of endpoints around five key components
  • Endpoint Management Consoles (e.g. SCCM and JAMF)
  • Device encryption
  • General Networks deployment 
  • Least privileged access
  • Telemetry agent deployment (e.g. Nessus)
• Aggressive gap analysis with corresponding remediation will be an ongoing focus of the committee
  • Milestones will be established for compliance via various reports to help direct efforts
• Data protection (both access controls and backup reliability)
• Application development and software stewardship will be addressed as needed
• Endpoint security standards will be communicated and deployed
• Collaborative efforts will be essential to success
  • Frameworks for verification reporting and accountability will be established
  • Roadmaps will be developed and shared consistently
  • After action reports will be created and shared for process improvement and accountability
  • Security initiatives within CSUs and across the campus will be promoted 
• Close coordination and partnerships will be kept with key related groups (governance, new technical groups, etc) to ensure that efforts are effective and synergistic
  • The Endpoint Management and Networking committees in ITLC will be key partners 
  • The committee will partner with the CISO to enhance compliance toolsets, protocols, and reporting

Officers

Membership