The Information Technology Security Team concentrates on the human side of the "firewall" against threats that involves policy, procedure, systems security plans, training, etc.; The CIO/CISO maintains the Campus Security Program plan and a cycle of continuous improvement.; In addition to the campus security plan the CIO/CISO collaborates with departments (identified to be higher risk to the university) to implement more comprehensive individualized Systems Security Plans. This team is led by the CIO/CISO with members within the department that include the Blackboard Administrator, Colleague Specialist and the Network Analyst.
OIT's network security is of utmost importance because it is the first line of defense against threats originating from the Internet. Visit the OIT Website for more information about how you can have a safer computing experience while using OIT's network. The following is highlighted here for your convenience.
More Security Awareness Training videos can be found at Alabama Cyber Security.
1) OIT Security Team (OITST). As the name implies, the OITST advises the CIO/CISO and senior leadership on matters of information security policy, threat, risk, vulnerability, response, training and the overarching security program plan of action. The OITST is comprised of a core team to address infosec issues on an ongoing basis. Also, expanded ad-hoc teams are created to focus specific issues.
2) Security Liaisons. Some OIT departments have been categorized as a higher risk due to their critical systems operations, sensitive information and/or compliance requirements. Higher risk to information resources infers greater impact to the university should their systems be compromised. These departments are in the process of being assigned Security Liaisons to work with the security team to help implement the stricter System Security Plans that will strengthen their departments' security stance. This will take place in the Summer of 2017.
3) The Alabama Cybersecurity Organization (http://www.cybersecurity.alabama.gov/) provides resources to support Cybersecurity for the State of Alabama. The OIT utilizes these resources to assist the university with statewide support in case of a campus wide cybersecurity breach. The CIO/CISO utilizes the resources from this organization to ensure that Tuskegee University has the information it needs on security priorities, best practices, and standards to make decisions concerning IT Priorities & Investments; IT Applications; overall policies and standards; and common data and business processes. These decisions are essential to achieving the ultimate objectives of governance, which are:
By using the resources that the Alabama cybersecurity office provides it can help the university seeks a balance of autonomy between departments and system on OIT security standards, processes, and best practices. This balance shall ensure that each department’s unique needs are met within the framework of the University’s security posture.