Security | Texas Tech University Health Sciences Center

Ìð¹ÏÊÓƵ

Ìð¹ÏÊÓƵ students walking through Lubbock campus courtyard.

Balancing Security and Functionality

The mission of the IT Security team is to ensure the confidentiality, integrity, and availability of the university’s data and information systems while maintaining the principles contained within the framework of rules, regulations, and statutes established by the federal and state government. Governance for all information security and ensuring the protection of Ìð¹ÏÊÓƵ information is the responsibility of the Information Security Officer (ISO). The ISO directs all security tasks through two functional teams; IT Security Operations and Governance Risk and Compliance. 

 

Man at laptop working with cybersecurity


Security Operations

Security Operations is responsible for protecting Ìð¹ÏÊÓƵ assets and data through proactive security measures and continuous improvement. The operations team works to ensure appropriate application of security processes while maintaining the access and functionality needed continue the flow of business for Ìð¹ÏÊÓƵ. 

Ìð¹ÏÊÓƵ IT Security provides the following services >

  • Web and Email Security (protecting against malicious intrusions and data loss)
  • Antivirus and other endpoint security application management
  • Conducts security reviews for system changes and software requests
  • Security Awareness Training
  • Proactive Vulnerability Management
  • Security Incident Response
Person working on company policy at a laptop

Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC) is the area of IT Security that enforces the security standards for the creation, storage, and transmission of Ìð¹ÏÊÓƵ data. GRC works with the Office of Institutional Compliance and the Information Security Officer (ISO), to review and assess systems during their entire lifecycle. This includes purchase, implementation, use, and disposal, to ensure the confidentiality, availability, and integrity of Ìð¹ÏÊÓƵ data and systems.

GRC Services
  • Assessments: Conducts regular security assessments on mission critical institutional assets.
  • Security Reviews: Assists with technical security reviews for contracts, technical purchases, and payment card use compliance.
  • Documentation: Produces IT governance policies, plans, and procedures in accordance with federal and state law.