IT Security Governance
UTC's Information Security Program draws from the National Institute of Standards and Technology (NIST) Risk Management Framework and from University of Tennessee state-wide initiatives to address the risks, benefits and processes involved with all of UTC's information resources.
IT Security addresses the confidentiality, integrity and availability (C-I-A) of information regardless of how it is handled, processed, transported or stored.
Chief Information Security Officer (CISO)
UTC's Chief Information Security Officer has the primary responsibility to carry out the CIO's security program plan. The CISO:
- Maintains UTC's Information Security Program.
- Incorporates industry-accepted security standards, guidelines, policy and control techniques.
- Coordinates the development, review, and acceptance of system security plans with system and information owners.
- Promotes Information Security awareness.
- Ensures personnel with expanded system responsibilities are trained in security best practices.
IT Information Security Advisory Team (ISAT)
The InfoSec Advisory Team is a dynamic, multifaceted team with the goal of strengthening UTC's security stance against persistent threats. A core team is assisted by additional members for special assignments and a security liaison.
IT Security Community of Practice (CoP)
UT Chattanooga participates in the University of Tennessee's state-wide IT Security Community of Practice (CoP). The IT Security CoP (no pun intended) provides input directly to the Statewide IT Committee on priorities as they relate to the IT security strategy of the university. It is composed of Senior Information Security Officers from the various UT campuses and institutes, who ensure that the Statewide IT Committee has the information it needs on security priorities, best practices, and standards to make decisions concerning IT Priorities & Investments; IT Applications; overall policies and standards; and common data and business processes. These decisions are essential to achieving the ultimate objectives of Statewide IT governance, which are:
- Alignment of IT and University strategy
- Delivery of value by IT to the University
- Responsible use of IT resources
- Management of IT-related risks
- Measurement of IT performance
The Security CoP seeks to establish a balance of autonomy between campus/institute and system on IT security standards, processes, and best practices. This balance shall ensure that each campus/institute’s unique needs are met within the framework of the University’s security posture.