About the Information Security Office

The Information Security Office (ISO) supports the Division of Network & Information Systems, and the agency as a whole, by collaborating with agency leadership and with agency and university system audit, compliance, and legal units to provide advice, along with policy and technical guidance, for securely operating and maintaining the agency’s information resources.

Policy and Standards

The ISO provides direction for agency information security policies and practices to protect critical resources and services and to aid research units in achieving their security goals and compliance requirements. The ISO creates security policies and standards for approval by agency leadership, and evaluates existing and emerging security-related laws, regulations, and policies for compliance goals.

Risk Management

The ISO maintains an agency-wide information security risk management program to evaluate threats and vulnerabilities and assure the creation of appropriate remediation plans. This support includes assessing security risk, creating and monitoring security plans, and aiding disaster recovery planning.

Vulnerability Management

The ISO conducts security vulnerability monitoring in support of policy enforcement and operational assurance. The ISO monitors computer and network resources for suspicious activity and tests information resources for security vulnerabilities. This includes performing network intrusion detection, conducting security scanning of agency computers, testing IT Web-enabled services, and conducting intelligence analysis to identify security threats.

Management Support

The ISO assists technology managers with security administration, implementation, and management. This includes testing and evaluating security technologies, advising on security-related technology projects, and aiding management of security technology, with special emphasis on mission-critical IT resources.

Incident Management

The ISO manages incident response, investigation, and reporting. This includes performing network intrusion detection and conducting forensic criminal and administrative investigations, receiving and processing security incident complaints, and overseeing recovery and restoration for security-related events. The ISO takes permitted or required actions to protect agency information resources in consultation with appropriate executive leadership.

Mission

The mission of the Information Security Office, as required by state law, is to assure the security of the agency’s information resources and the existence of a safe computing environment in which the agency community may conduct research and teach in support of the Texas A&M University land-grant mission.