Information Security Program

Preface

Formed in July of 2000, the Information Security department was tasked with addressing information security concerns at the University. Under the direction of UT-H CIO Richard L. Miller and VP/AVP Dr. William Weems, the Information Security Team continues the tradition of protecting University information assets.

The purpose of the Information Security Program at UT-Houston is to provide a secure information infrastructure for schools and departments to utilize in the pursuit of the Institution's goals in research, teaching and healthcare.

The five cornerstones of the UT-H InfoSec Program are:

• Prevention
• Protection
• Detection/Investigation
• Incident Assessment and Damage Control
• Recovery

Each of the cornerstones represents activities involving people and information administered in accordance with federal, state, and UT System regulations and best practices.

Security Services and Programs

Information Security Services

• Draft Information Security policies and procedures.
• Network Monitoring – Review of aggregate network traffic for anomalous behavior and potentially compromised systems.
• Web Application Scanning – Service provided to campus web developers and system owners to assist in pinpointing possible vulnerabilities before systems are released for production.
• Network Firewall Service - Network traffic rules tailored to departmental and business partner requirements.
• Vulnerability Scanning Service - Remote scanning of campus computer systems to detect vulnerabilities.
• Security Awareness – Provide access to monthly SecuritySense newsletters as well as links to additional internal and external cyber security for technical and non-technical users.
• Security Consulting – Provide consulting resources to UTHSC-H campus to assist in the development of secure architectures, solutions and best practices.

• Password Escrow Service – Free service provided to all UTHSC-H System Owners. Passwords stored in escrow provide necessary backup in case original passwords are lost or no longer accessible. See Password Escrow Service.

• Mission: Improve the security of the University of Texas’s information infrastructure and minimize the threat of damage resulting from an incident.
• Information Security responds to security incidents and threats including release of sensitive information, web site defacement, viruses, worms, and similar system intrusions or compromises.
• The office assists with investigations initiated by the Office of Human Resources, UTPD, Office of Auditing and Advisory Services, Office of General Counsel, and other internal and external authorities.

To report a suspected security incident, please immediately call the Help Desk @ 713-500-4848 to initiate a HEAT ticket or email its@uth.tmc.edu .

Disaster Recovery and Planning

Information Security facilitates disaster recovery planning and coordinates testing for the following UT-H applications:

• PeopleSoft HRMS and FMS
• SIS
• Dental Branch CIS
• PBS IDX
• HCPC Sunrise

Information Security works with user departments to develop business continuity plans.

The Information Security Disaster Recovery Plan correlates with the Emergency Management and Business Continuity Plans.

Future Developments

Regularly check this space for future developments and projects involving the Information Security Team.

When to Contact Us

University faculty, staff and associates are encouraged to contact Information Security for any of the above instances or regarding other information security questions and concerns.