PM-3 Information Security Resources

Description

Texas Administrative Code (TAC), Rule §202.70(2) requires the head of each state institution of higher education or his/her designated representative(s) to allocate resources for ongoing information security remediation, implementation, and compliance activities that reduce risk to a level acceptable to the institution head.

Applicability

This Control applies to the University Vice President for Information Technology & Chief Information Officer (CIO) working in cooperation with university administrative management and the University CISO.

Implementation

1 - It is the responsibility of the University President or designee (i.e., CIO) to:
- 1.1 - ensure that capital planning and investment requests include the resources needed to implement the information security program and document exceptions to this requirement.
- 1.2 - employs a business case to record the resources required; and
- 1.3 - ensures that information security resources are available for expenditure as planned.

PM-3 Information Security Resources

Description​

Applicability​

Implementation​

Description

Applicability

Implementation