Core Competency Definitions
Information Systems Security Posture
Define and maintain the information systems security posture of the university as it relates to user needs and industry standards. Maintain open lines of communication with the university user community to continually update the policies as they relate to the changing posture of the information systems industry.
Vulnerability Assessments
Provide a thorough evaluation of a specific device and/or network to determine any weakness in configuration. A report will be provided that outlines each weakness and defines a suggested configuration change to eliminate or reduce the vulnerability.
System Lock Down
Provide the guidelines and on-site labor to protect a system or network based on the findings in the vulnerability assessment. A site visit will include direct interaction with the System Administrator of the system or network.
Consulting Services
Provide guidance related to information systems security. This may involve special applications support, review of traffic, review of stored information, or access restriction options.
Firewall Design and Implementation
Investigate the system or network to be protected and design and implement a firewall to restrict the accessibility to only the required applications. Includes an on-site visit to determine the setup and design required for the firewall and a return visit upon implementation.
Incident Response
Provide verification and interrogation regarding incidents involving UT Campus information systems devices. This includes, but is not limited to, computer intrusions, denial-of-service attacks, theft of information, and unlawful network activity. This does not include SPAM email directed at individual users.
Awareness Training
Provide direct, hands-on, group training as it relates to information systems security and the defense mechanisms available.
Network Trend Analysis
Review of the data traffic trends on the university network. Create and maintain a traffic flow baseline that is used as a reference point for all anomalies. Research all anomalies and report incidents as they occur.
Policy and Procedure Development
Research and determine the needed policies and procedures relating to information systems security for the campus. This includes all operating procedures for the ITSG and procedures required for users to operate efficiently at the university.
Emergency Preparedness
Develop and maintain OIT's Emergency Response Plan component of the university of Tennessee Knoxville Campus Emergency Response Plan. The UT Knoxville Campus ERP details the general procedures to be followed in emergency situations to insure the protection and safety of all persons, including university students, employees and visitors and to insure protection of property of the university and others. The OIT component of this plan focuses on insuring staff safety and maintaining various forms of communications during an emergency on the Knoxville campus.
Disaster Recovery
Coordinate the development, maintenance, and testing of OIT's Disaster Recovery Plan which is designed to support specific critical university business functions enabling them to continue to function during an emergency situation or disaster which disrupts normal operation. Support includes coordination with recovery services providers and coordination with participating university departments.
HIPAA Compliance
Verify the compliance of information transferred across the university networks based ion HIPAA regulations. Research all discrepancies and provide guidance for solutions.