The UTSA Information Security Plan

July 29, 2016



by Danicia Steele at 8:40 AM in Campus Community, Projects, Staff News, News


 

The UTSA Office of Information Technology's (OIT) Office of Information Security (OIS) is developing an Information Security Plan (ISP) for UTSA. The ISP is being established by Information Security Operations Officer Kevin Kjosa to help guide the team with the proper strategies for implementing security operations. The plan will reflect the security triad of confidentiality, integrity, and availability.

The ISP outlines five major topics and educates the reader on both the mission and vision of OIS. The five topics are threat management, compliance, reporting and communications, incident response, and the NIST Cyber Security Framework. Kjosa stated that Threat Management and Compliance are two major topics OIS is focusing on this year.

For Information Security Threat Management (ISTM), the plan outlines the objective and a broad approach to execution. OIS collaborated with UTSA Internal Audit on the objective and execution of ISTM. Kjosa stated, "to have a solution for threat management you must first be aware of the systems the threat will affect." In the plan, there is a diagram that outlines the concept of ISTM in four steps:

  1. Identify Assets
  2. Vulnerability Assessment
  3. Verification of Threats
  4. Remediation

Compliance is also a big part of what the OIS team is looking at this year. Currently, UTSA adheres to a wide range of compliance orders. The plan describes how OIS will focus on security for both internal and external compliance. This section refers to the UTSA Handbook of Operating Procedures (HOP), stating that existing standards and procedures will be reviewed by OIS to ensure that best practices are followed for information security at UTSA.

One of the key points made in the ISP is that all UTSA employees have a role when it comes to putting this plan into action. When new programs and updates are presented, not all employees know how they function. OIT provides both online and on-campus training to give students and staff the best security practices. OIS provides information on cyber security for both students and staff to help eliminate risk.

Kjosa says we can expect the plan to be completed in August 2016. The new plan will ensure the team is meeting the requirements and help them stay focused within the plan.

 

For more information on the UTSA Office of Information Security, please visit:

Students:

https://utsacloud-public.sharepoint.com/Pages/Security/Students/GuidelinesForStudents.aspx

Faculty & Staff:

https://utsacloud-public.sharepoint.com/Pages/Security/FacultyAndStaff/InformationSecurity.aspx

 

For more information on training available from the UTSA Office of Information Technology:

https://utsacloud-public.sharepoint.com/Pages/Training/Training.aspx