The Office of Information Security responds to a variety of computer security incidents on a daily basis. While some incidents are anticipated in advance, the reality is that many computer security events are unpredictable. Some of these incidents are discovered by our office through the course of our duties; for others, we rely on the user community to report potential incidents. You can report a potential security incident using our Report an Incident form.

The Office of Information Security works closely with other departments in the Office of Legal and Regulatory Affairs (OLRA), aiding in information collection and investigation, as well as ensuring compliance with various regulations pertaining to information resources. Such work includes:

• Public Information Act information collection
• Retrieval of electronic data pertinent to ongoing litigation
• Monitoring and response of potential compliance violations in the use of information resources
• Investigation assistance for Compliance, Legal, HR, and Police; as well as other investigations into various instances of misuse of information resources.

The Office of Information Security facilitates various risk acceptance and change requests through our forms directory. These requests are reviewed by our team, taking into consideration business requirements and implications of denial/approval on UTMB operations.

Our Risk Management program assists information resource owners in fulfillment of their role to define, approve, and document acceptable risk levels and risk mitigation strategies by facilitating risk assessments to determine inherent impact that could result from unauthorized access, use, disclosure, disruption, modification, or destruction of UTMB information or information resources.

The Office of Information Security creates Policies and Standards to ensure that information and information resources are appropriately safeguarded. In addition, our office provides security awareness training to the UTMB user community.