Breadcrumbs

Page title

Policy Working Group

Main page content

Charge
Policy Goals

Name Institution Title

Watkins, Lewis (Chair)

UT System

Chief Information Security Officer

Beasley, Cam

UT Austin

Chief Information Security Officer

Boozer, Lee

UT MD Anderson Cancer Center

Project Manager, Institutional Compliance

Caskey, Paul

UT System

Technology Architect

Heitke, Anne

UT System

Manager of Audits

Hempel, Chris

UT Austin

Director, User Services, Texas Advanced Computing Center

Holthaus, Barbara

UT System

Senior Attorney

Kirksey, Kirk

UT Southwestern Medical Center

Vice President, Information Resources

Mendoza, Nathaniel

UT Austin, Texas Advanced Computing Center

Senior Network Engineer

Moody, Barry

UT System

Information Security Officer

Mueller, Wayne

UT Health Science Center - San Antonio

Director, Systems Planning and Engineering

Quinn, Jessica

UT MD Anderson Cancer Center

Vice President and Chief Compliance Officer

Soldi, Miguel

UT System

Information Security Policy and Resourcing Analyst

Taylor, Bill

UT Health Science Center - San Antonio

IT Auditor

Weber, Max

UT MD Anderson Cancer Center

Director, Office of Academic Computing

Yoder, John

UT Health Science Center - Tyler

Chief Information Officer

Charge

Charge: To recommend policies for securing the UT System research cyberinfrastructure addressing the following elements:

  • Defined Information Security Governance
  • Policies, Procedures, Standards and Policy Management Process
  • Asset / Data Classification
  • Standard Risk Assessment and Management Process
  • Compliance
  • Access Management Process
  • Change Management Process
  • Configuration Management Process
  • Data Backup and Recovery
  • Disaster Recovery Plan
  • Information Security Incident Management Process
  • Physical Security
  • Device Use and Security
  • Application Development and Acquisition
  • Electronic Records Management

Policies will differ for Phase 1 (the pilot) and Phase 2 (production). (i.e. The decision was made to not allow research using PII during the pilot. However, the production system must accommodate such research.)

Policy Goals

  • Provide an environment that is secure for UT faculty to conduct their research.
    • Requires a sound backup strategy at all data facilities.
    • Ensures protection of intellectual policy.
  • Define a "trust framework" which includes an acceptable use policy and agreement so faculty can have confidence that others using the facilities are abiding by practices required to maintain the security for all.
  • Establish policies that create a computing environment that complies with regulations required by granting agencies to position UT institutions for competing for such grants.
  • Establish policies that allow for creation of a secure environment while not hampering research or faculty members' willingness to use the facilities.
  • Influence infrastructure architecture to the extent needed to ensure:
    • System reliability, data availability, integrity, and confidentiality;
    • Ease of use;
    • A range of services to accommodate varying needs such as:
      • Storage with fast access to supercomputing needs
      • Large capacity storage but without the need to access supercomputer facilities
      • Encrypted storage
      • Local storage
      • Ease of provisioning
      • Data life cycle management and deprovisioning
    • Secure methods for collaborating with non-UT researchers and organizations