University Information Security Advisory Committee Charge - UTDPP1099
University Information Security Advisory Committee
The University Information Security Advisory Committee is a concurrent committee of the Academic Senate of the University of Texas at Dallas.
The Committee will advise the University of Texas at Dallas Information Security Officer in planning and testing measures to provide security for the University for development and use of the university's information resources in such a way as to comply with UT System security requirements for university information. University obligations are established by the UT System system-wide policy UTS165, UT System Information Security Action Plan, and Texas Administrative Code 202, and related interpretive statements such as The University of Texas System Laptop Computer Encryption Implementation—Frequently Asked Questions. The committee's areas of concern include but shall not be limited to:
- Recommend policies or guidelines to develop and align information security strategies with applicable laws and regulations.
- Monitor policies and procedures to ensure compliance while not asserting undue claims to own or access information owned by faculty or for which faculty are under obligation to other organizations.
- Recommend procedures for IT systems and practice to lower risk of exposure of information and IT resources. Procedures and practice may include appropriate technical infrastructure and security controls in the IT environment.
- Assist in identifying and classifying information.
- Assess and evaluate security incident management and make recommendations for improvements.
- Recommend procedures that increase the security of business continuity and recovery plans.
- Monitor implementation of the UT Dallas policies by the Information Security office.
- Assist in developing plans and methods for education and outreach in the UT Dallas community to explain the need for security measures and assure effective faculty participation.
The Committee shall be composed of at least eleven voting members. Seven shall be full-time faculty, appointed from the membership of the General Faculty (as defined in UTDPP1088: Faculty Governance). At least three faculty members shall have expertise in areas of computer security. All shall be selected to represent as much of the range of university as well as non-university information that faculty create and use in the course of their professional activities as is practicable. In addition, there shall be one representative each from Academic Affairs, the Office of the Registrar, and the Office of Sponsored Projects, a staff representative selected by the Staff Council, and a student selected by Student Government. One of the faculty members shall be Chair. The Chair and Vice Chair shall be appointed annually by the President upon approval by the Academic Senate.
The University Attorney shall be a member ex officio. The University Information Security Officer shall be the Responsible University Official.
The term of service of the Committee members shall be for two years, effective September 1 to August 31. Appointments shall be staggered in time to make approximately equal numbers of appointments expire each academic year. Members may be reappointed for additional terms. If for any reason a Committee member resigns, the President shall appoint another individual to serve the remainder of the unexpired term upon nomination by the Academic Council.
The Committee shall meet at least bimonthly during the fall and spring semesters. No plan or policy shall be implemented by the Information Security Officer without first being reviewed by the Committee. The Committee shall indicate its approval or disapproval by majority vote. If the Committee disapproves, the Chair shall convey the vote and the reasons to the Vice-Provost and Chief Information Officer. Additional meetings will be called by the Chair or RUO as necessary.
- Issued: 2016-06-02