OVERVIEW

Universities face growing risks from cyberattacks, including ransomware, phishing and data breaches. Complying with federal/state regulations while protecting sensitive data, research and intellectual property is critical. Measuring risk against a robust cybersecurity program and continuous awareness training are essential to protect the organization and its assets.

CURRENT STATE

• Centralized Information Security program that manages the security of the system universities.
• Centralized tools that provide a security baseline for day-to-day processes and operations of each university and enable our IT partners to keep the universities more secure.

PATH TO SUCCESS

• Collaborate and communicate with the four system universities to strengthen and improve the overall UH System Information Security program.
• Continually enhance an information security strategy that addresses the needs of the individual system universities while maintaining a cohesive goal.
• Engage employees in the security program to address risks and sustain an effective cybersecurity function.
• Continue to develop our team to keep current with existing and evolving challenges.

FY2025 INITIATIVES

• Enhance the existing information security strategy and outline actionable goals for the four system universities while documenting baselines, processes and procedures.
• Foster cyber guardianship by further raising awareness among the university communities of how they can gain the skills to be prepared.
• Revitalize the vulnerability management program to strengthen the university’s cybersecurity posture, reduce overall risk to critical information resources and create a reportable metric that can be used toquantify risk to the organization for future improvements.
• Implement a repeatable, scalable research security program that will build a foundation for future high-level research in the UHS.
• Work with our colleagues to build a base information security standard that will improve overall security posture and ease compliance reviews.