Security
Balancing Security and Functionality
The mission of the IT Security team is to ensure the confidentiality, integrity, and availability of the university’s data and information systems while maintaining the principles contained within the framework of rules, regulations, and statutes established by the federal and state government. Governance for all information security and ensuring the protection of TTUHSC information is the responsibility of the Information Security Officer (ISO). The ISO directs all security tasks through two functional teams; IT Security Operations and Governance Risk and Compliance.
Security Operations
Security Operations is responsible for protecting TTUHSC assets and data through proactive security measures and continuous improvement. The operations team works to ensure appropriate application of security processes while maintaining the access and functionality needed continue the flow of business for TTUHSC.
TTUHSC IT Security provides the following services >
- Web and Email Security (protecting against malicious intrusions and data loss)
- Antivirus and other endpoint security application management
- Conducts security reviews for system changes and software requests
- Security Awareness Training
- Proactive Vulnerability Management
- Security Incident Response
Governance, Risk, and Compliance (GRC)
Governance, Risk, and Compliance (GRC) is the area of IT Security that enforces the security standards for the creation, storage, and transmission of TTUHSC data. GRC works with the Office of Institutional Compliance and the Information Security Officer (ISO), to review and assess systems during their entire lifecycle. This includes purchase, implementation, use, and disposal, to ensure the confidentiality, availability, and integrity of TTUHSC data and systems.
GRC Services
- Assessments: Conducts regular security assessments on mission critical institutional assets.
- Security Reviews: Assists with technical security reviews for contracts, technical purchases, and payment card use compliance.
- Documentation: Produces IT governance policies, plans, and procedures in accordance with federal and state law.