Mission and Responsibility:
The goal of the Information Security Office (ISO) is to support the overall vision and mission of The University of Texas at Arlington and to preserve, protect and enhance its reputation as a rising Tier 1 research institution. The objectives of the ISO are to assist members of the Institution in protecting information and computing resources that they have been entrusted; to recommend or implement information security safeguards to address vulnerabilities or prevailing threats; and to improve, where practical, information security solutions and business process that reduce cost and reduce the impact of security controls on user efficiency. The ISO provides guidance for securing, and direct monitoring of, information systems in order to protect the confidentiality, integrity and availability of student information, proprietary business information and University research. This mission is undergirded by stipulations and other requirements outlined in Texas Administrative Code 202 and University of Texas System Policy 165. The ISO is responsible for:
- Developing policies, procedures, guidelines and standards designed to advance UT Arlington’s Information Security Program. The goal of the program is to prevent unauthorized access or alteration of information while balancing the need for availability.
- Procuring, providing, implementing or administering technical, administrative or physical safeguards that aid with preventing accidental or malicious disclosure, modification, disruption or destruction of extant University information or information systems.
- Screening, as part of due diligence activity, all University information systems or services, prior to acquisition, for minimum information security standards as well as ensuring that these conform to Federal, State and Local regulations governing information security and privacy, as well as policies and standards established by UT System and UT Arlington.
- Providing leadership and investigative support to business units or individuals affected by a University related information security incident, such as the accidental or malicious disclosure, modification, disruption or destruction of information or information systems, as well as to provide guidance on how to prevent such activity.
- Responding to security incidents, prevailing threats, breaches, intrusions, and/or system abuses that originate from external networks against UT Arlington, or those that originate from the University’s network.
- Coordinating open records requests, litigation holds and subpoenas. All such requests must be directed to the Vice President of Business Affairs who will contact and work closely with the ISO in the event assistance is needed. The ISO works with OIT and other business or academic units to complete these requests.
- Establishing and maintaining the Information Security Administrator (ISA) program and providing information security awareness and required training to employees.
- Reporting the status of UT Arlington’s information security program and, as appropriate, incidents to the President, Executive Management, University of Texas System, and to the State.