UIT Strategic Priority: Information Security - University of Houston
Skip to main content

Information Security

OVERVIEW

There is a hostile cybersecurity landscape with challenges for all organizations to navigate, as evidenced by the regular media features about cybersecurity threats touching all industries.

With many similarities to small cities, universities face a diverse environment that includes a large variety of services, intellectual and research data and robust, high-speed networks. Maintaining appropriate safeguards within the university ecosystem requires a comprehensive and innovative approach to information protection.

ALIGNMENT

  • With the University — Competitive Resources: Secure computing and communication is the foundation that supports a competitive array of essential resources.
  • With the State — Reliable & Secure Services: Proper security measures protect the integrity and confidentiality of information.
  • With Federal Mandates: Position UHS as a leader in cybersecurity by partnering with FBI Houston InfraGard BOD and other federal entities.

PROGRAM GOALS

  • Centralize UHS Information Security Program
  • Implement UHS Vulnerability Scanning Program
  • Implement Comprehensive Assessment Process and Controls for 3rd Party Hosted Services
  • Implement centralized Security Incident Event Management (SIEM) for UHS
  • Implement UHS Standardized Risk Assessment Process
  • Define Comprehensive and Integrated Cybersecurity Incident Response Plan
  • Implement UHS Security Operations Center (SOC)
  • Verify Comprehensive Change Management Control Process Implemented on all UHS Campuses
  • Identify Relevant Information Risk and Value Metrics

CURRENT STATE

  • Centralized IT Security programs across UHS, including funding, staffing, and initiatives.
  • Improved our security rating by strengthening our desktop and edge protection approaches.
  • Successfully addressed all findings in the external audit of IT Security.

PATH TO SUCCESS

  • Continue collaborating at the UH System level. Collaborations, both internal and external, have not only contributed to the program’s effectiveness, but have also created a platform for regional, state and national recognition of UH cybersecurity efforts, which benefits UH academic programs, students, faculty and researchers.
  • Continue engaging UH executive leadership, which has been and will remain critical to the success of IT security efforts.

FY2020 INITIATIVES

  • Implement 2-factor authentication for the protection of user account credentials and access to university resources.
  • Add security controls/enhancements for Office 365 mail and file infrastructure.
  • Strengthen pre-deployment application security testing.
  • Expand university internal scanning abilities to include the ability to detect security concerns related to specialized facility systems, such as HVAC and other Industrial Control Systems (ICS).

FY 2018 Total Incidents - 540