The Department of Information Security helps to assure the security of UT Southwestern Medical Center's information technology resources and provide a safe computing environment in which the Medical Center community can teach, learn, and conduct research.
Information Security works in partnership with campus departments, Information Resources, University Audit, Compliance, HIPAA Privacy, and legal organizations to support the Medical Center’s goals and objectives.
Information Security Initiatives
Information Security is responsible for managing the enterprise information security program. This includes information security risk management, IT disaster recovery planning, information security policy and standards development, information security monitoring and testing, information security incident response management, campus information security management support, and information security awareness and training. Information Security operates the following programs:
Information Security Risk Management
Information Security maintains a campus-wide information security risk management program that continually evaluates threats and vulnerabilities. Information Security supports UT Southwestern by assessing security risks, creating and monitoring security plans, and developing IT recovery planning procedures.
Information Technology Recovery
Information Security’s IT Disaster Recovery program oversees the technology recovery planning and testing functions for the Medical Center. These include developing a University-wide IT Recovery plan and assisting departments with departmental IT recovery and backup planning strategies. More information is available through the IR Disaster Recovery Manager.
Information Security Policy and Standard
Information Security develops, maintains, and provides direction for all UT Southwestern security policies and procedures that protect critical information resources and services. Information Security assists University organizations with departmental security goals and compliance requirements. The Department creates security policies and standards for approval by UT Southwestern leadership, and evaluates existing and emerging security-related laws, regulations, policies, and industry best practices for compliance goals.
Information Security Monitoring and Testing
Information Security conducts institutional security testing and monitoring in support of policy enforcement and operational assurance. It monitors computer and network resources for suspicious activity and tests information resources for security vulnerabilities. This includes performing network intrusion detection, conducting security scanning of University computers, testing web-enabled applications, and conducting intelligence analysis to identify security threats. The Department models its operations off of industry best practice, including NIST Information Security Continuous Monitoring guidance.
Information Security Incident Management
Information Security manages the University’s Security Incident Response Team (SIRT), which includes incident response, investigation, and reporting. This may include performing network intrusion detection and conducting forensic criminal and administrative investigations, receiving and overseeing recovery, and restoration for security-related events. Information Security takes permitted or required actions to protect University information resources in consultation with appropriate executive management. Further information about UT Southwestern’s Incident Management policy and plan is available from the Policy Office or via email.
Information Security Management Support
Information Security assists departments with security administration, implementation, and management. This includes testing and evaluating existing and new information technologies, advising on security standards for information technology projects, and assisting senior management and departmental managers with determining criticality of information resources. This service, available to all UT Southwestern associates, can be requested by emailing the IR Service Desk.
Information Security Awareness and Training
Information Security manages UT Southwestern's Information Security Awareness and Training program for all workforce members in accordance with federal, state, and University requirements to include the Texas Administrative Code and the HIPAA Security Rule.
The program includes:
- System Administrator training
- New Hire Information Security Awareness training
- Student Information Security Awareness training
- Biennial Refresher Information Security Awareness training
- Periodic information security updates via the University intranet
- Monthly IR and Security meetings
All UT Southwestern associates can view their current training and enroll in training at the Taleo Learn portal (login required).
According to UT Southwestern's Acceptable Use of Information Resources Policy ISR-104, all users are expected to immediately report any suspected security incident to their supervisors, department heads, University Police, or the Chief Information Security Officer. To report a breach, please contact the IR Service Desk at 214-648-7600 or email the Information Security Department.
Work for Information Security
Information Security follows the hiring guidelines established by UT Southwestern, UT System, and various federal agencies that require our employment opportunities be posted with UT Southwestern Human Resources. If you are interested in job opportunities with Information Resources, visit Human Resources for job openings, application procedures, and other pertinent information.