The Institute’s IT Security Program offers many services to Units, Departments, Centers, and individuals, and are necessary for the normal day-to-day operations of the IT Security Program. By providing consulting and support through these services, the Institute’s Chief Information Security Officer (UTIA CISO) is able to help reduce risk to the Institute’s data and IT assets. Should you have questions about how these services can help you, please contact Sandy Lindsey.

a safe deposit box in a dark room

HIPAA Compliance

The UTIA CISO works with all covered entities and business associates to ensure compliance is maintained according to HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations, providing data privacy and security protections for safeguarding medical information.

a small vault in a dark room

IT Security Assessment

The goal of a security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project or service. The UTIA CISO can provide a security assessment that includes documentation outlining any security gaps between the project and/or service, and approved security policies.

a dark room with a little safe

IT Security Awareness, Training, and Education

In addition to the required annual training, specialized training can be developed for departments or units upon request. Weekly e-newsletters are sent to all Institute employees with topics being relevant to current threats, situations, or events; policy reminders; tips; and guidelines. Specific topics may be requested for the “Ask Your CISO” section.

a safe with a black background

IT Security Risk Management

An in-depth vulnerability scan may be requested by a user as a part of the Institute’s IT Security Risk Management program. In addition, this program includes a formal exception process for IT security policies, plans, and procedures.

black safe with a silver dial

IT Security Solutions Design

The UTIA CISO provides security solutions for requested projects or services based on the NIST standards; Institute policies, plans, and procedures; University policies; applicable laws; and the business needs of the user, e.g., recommendations concerning cloud storage for moderate data such as student records, human health records, or intellectual properties.

dark room with a dark safe

PCI Compliance

The UTIA CISO validates the compliance of information transferred across the Institute’s networks based on PCI DSS (Payment Card Industry Data Security Standards) regulations by working with each merchant to ensure the proper security controls are in place. Annual on-site assessments by the UTIA CISO are conducted with each merchant to verify full PCI compliance.