PM-15-727 Contacts with Security Groups and Associations

Contacts with Security Groups and Associations

PM-15-727
Contacts with Security Groups and Associations
Program Management
Protect
System Communications Protection
NOT SELECTED
P3
No
February 15, 2018

The Agency shall maintain an active participating relationship with: (a) the Texas A&M University System's Information Security Officers Working Group; (b) the Texas A&M University System Security Operations Center User Group; (c) the State of Texas Information Security Working Group, and (d) the Center for Internet Security's Multi-State Information Sharing & Analysis Center. Information security employees are encouraged to maintain relationships with additional professional groups and associations, such as InfraGard, (ISC)2, CompTIA, etc. to maintain currency with recommended security practices, techniques, and technologies.

Inadequate contacts and communication protocols with relevant authorities and special interest groups may result in the lack of knowledge of latest security threats and industry trends, information security incidents going unreported or unsupported by leg
The organization establishes and institutionalizes contact with selected groups and associations within the security community: a. To facilitate ongoing security education and training for organizational personnel; b. To maintain currency with recommended security practices, techniques, and technologies; and c. To share current security-related information including threats, vulnerabilities, and incidents.
Employee personnel are members of external information security organizations.
State implementation of this standard is incorporated into TAC 202.
Obtain documentation addressing the organization's contact with security groups and associations and ascertain if (i) contact with these groups is established and institutionalized (ii) security education and training for personnel is facilitated through this network (iii) security practices, techniques, and technologies is maintained up to date (iv) current security related information is shared