Information Security

The mission of the Information Security department is to assure the security of the University’s information technology resources and provide a safe computing environment in which the UT Southwestern community can teach, learn, and conduct research. Information Security works in partnership with campus departments, Information Resources, and University Audit, Compliance, Privacy, and Legal organizations to support the University’s goals and objectives.

Security Breaches

According to UT Southwestern's Information System User Responsibilities Policy 200-13, all workforce members are required to report any instances of suspected security breaches to the Chief Information Security Officer. To report a breach, please contact the IR Call Center at 214-648-7600 or send an e-mail to the Information Security Division.

Work for Information Security

Information Security follows the hiring guidelines established by the University, UT System, and various federal agencies which require that our employment opportunities be posted with the campus Human Resources department. If you are interested in employment in Information Resources, visit UT Southwestern's Human Resources website for job openings, application procedures, and other pertinent information.

Information Security Initiatives

The department of Information Security is responsible for managing the University information security program that includes information security risk management, information security policy & standards development, information security monitoring and testing, information security incident response management, campus information security management support, and information security awareness and training. Our goals for the University information security program include:

Information Security Risk Management

Information Security maintains a campus-wide information security risk management program that evaluates threats and vulnerabilities. Information Security supports the University by assessing security risks, creating and monitoring security plans, and developing IT recovery planning procedures.

Information Security Policy & Standard

Information Security develops, maintains and provides direction for all University security policies and procedures that protect critical information resources and services. Information Security assists University organizations with departmental security goals and compliance requirements. Information Security creates security policies and standards for approval by University leadership, and evaluates existing and emerging security-related laws, regulations, policies, and industry best practices for compliance goals.

Information Security Monitoring and Testing

Information Security conducts institutional security testing and monitoring in support of policy enforcement and operational assurance. Information Security monitors computer and network resources for suspicious activity and test information resources for security vulnerabilities. This includes performing network intrusion detection, conducting security scanning of University computers, testing IT web enabled services, and conducting intelligence analysis to identify security threats. 

Information Security Incident Management

Information Security manages the University’s Security Incident Response Team (SIRT) which includes incident response, investigation, and reporting. This may include performing network intrusion detection and conducting forensic criminal and administrative investigations, receiving and overseeing recovery, and restoration for security related events. Information Security takes permitted or required actions to protect university information resources in consultation with appropriate executive management.

Information Security Management Support

Information Security assists departments with security administration, implementation, and management. This includes testing and evaluating existing and new information technologies, advising on security standards for information technology projects, and assisting senior management and departmental managers with determining criticality of information resources.

Information Technology Recovery

Information Security IT Recovery program manages the technology recovery planning functions for the University. These include developing a University-wide IT Recovery plan and assisting departments with departmental IT recovery and backup planning strategies.

Information Security Awareness and Training

Information Security manages the University’s Information Security Awareness and Training program for all workforce members in accordance federal, state, and university requirements to include the Texas Administrative Code and the HIPAA Security Rule. The program includes: System Administrator Training, New Hire Information Security Awareness Training, Student Information Security Awareness Training, Refresher Information Security Awareness Training, periodic information security updates via website articles, and more.