• Identity Security

    Functions:

    • Identity governance and the NetID lifecycle
    • SSO (Entra ID (formerly Azure AD), CAS, Shibboleth)
    • Duo MFA
    • Certificate issuance
    • Identity data management

    Description:

    The Identity Security team is dedicated to safeguarding and managing the identity-related aspects of an TAMU’s digital infrastructure. This team is responsible for the design, implementation, and maintenance of the organization's identity security infrastructure, including identity governance, the NetID lifecycle, authentication technologies, and certificate management. Their primary goal is to protect the organization's digital assets from unauthorized access, and ensure the security and integrity of user identities and access controls.

  • System & Applications Security

    Functions:

    • Systems security & vulnerability detection
    • “Hot” vulnerability management
    • Firewall openings scanning
    • Application security & Secure SDLC
    • Penetration testing

    Description:

    System & Application Security continually assesses the security posture of university information resources. This team is responsible for vulnerability identification, classification, and remediation; they continually monitor key public systems for vulnerabilities; and they perform web application scanning to identify software vulnerabilities in production services. This team provides tools and services to assist developers in delivering secure applications; including automated pipelines for testing code and processes for vulnerabilities throughout the development lifecycle, and they perform penetration tests against TAMU systems to detect routes of malicious intrusion and vulnerability exposure.

  • Cloud & Platform Security

    Functions:

    • Public cloud security configuration (IaaS, PaaS)
    • SaaS security config and monitoring
    • Email security (DKIM, DMARC, etc)
    • Cloud compliance automation
    • Data access and protection

    Description:

    The Cloud & Platform Security team is responsible to ensure our cloud services and platforms are secure, reliable, and remain compliant with relevant security controls. This team is also responsible for email security and data loss protection efforts, protection and monitoring of cloud-based file storage, security configuration and automation for cloud infrastructure, and security compliance assurance for cloud-based applications.

  • Security Operations & Forensics

    Functions:

    • Network monitoring & firewall management
    • Systems log monitoring & correlation
    • Threat hunting & threat intelligence
    • Insider threat analysis
    • Incident Response
    • Digital forensics & eDiscovery
    • Endpoint detection & response

    Description:

    Security Operations & Forensics is responsible for monitoring and responding to potential security threats from a wide variety of sources. They monitor our network infrastructure and manage firewalls; they manage and monitor systems and application telemetry to identify and investigate security incidents; and they engage in proactive threat hunting and use threat intelligence to stay ahead of emerging threats. In the event of a security incident, the team is certified to conduct digital forensics investigations, preserving and analyzing digital evidence; they also manage legal eDiscovery and public records requests for the university.

  • Research Security & Compliance

    Functions:

    • Research data security
    • Export-controlled data
    • Controlled Unclassified Information (CUI) oversight
    • Research data compliance related to:
      • Animal Welfare Program
      • Human Research Protection Program
      • BioSafety and Occupational Health Program
    • Support of research service cores
    • Financial Research Compliance
    • Research Project Lifecycle

    Description:

    The Research Security & Compliance team partners closely with the Division of Research and existing compliance groups responsible for research administration to ensure the protection of research data, research subjects, and institutional reputation. Functions include export controls, support of the research service cores, security related to research and grant contracts, and supporting the entire research project lifecycle.

  • Risk, Policy & Compliance

    Functions:

    • Annual risk assessments
    • Federal, state, and local compliance (HIPAA, FERPA, etc)
    • IT policies & controls catalog
    • Business continuity & DR planning
    • Audit readiness & System audit liaison
    • Contracts review (purchasing & research)
    • State-mandated reporting (TAC §202, TGC §2054, etc)

    Description:

    The IT Risk, Policy & Compliance team is responsible for critical functions related to federal, state, and System compliance. Their responsibilities include the annual risk assessment process; pre-audit assessments and audit coordination; IT security and compliance validation; contract reviews for procurement and research contracts; and state-mandated reporting. This team also manages university policies regarding IT security and management, and interfaces with the University Privacy Officer regarding federal regulations like HIPAA or FERPA.

  • IT Accessibility

    Functions:

    • Designated EIR Accessibility Coordinator for Texas A&M
    • Federal and state compliance and associated audits
    • Accessibility compliance reviews for all information resources
    • Web accessibility consulting and remediation
    • Analysis of emerging technologies
    • Training and campus outreach

    Description:

    The IT Accessibility team uses accessibility best practices and universal design principles in order to improve learning outcomes and access to technology for everyone. The EIR Accessibility Coordinator (EIRAC) is the central point of contact concerning accessibility issues and solutions. The team manages compliance reviews for information resources, performs web accessibility testing, facilitates training, and consults regarding digital accessibility compliance.

  • Data Management

    Functions:

    • Data governance
    • Data security & compliance
    • Data quality assurance
    • Data lifecycle management
    • Data strategy & planning

    Description:

    The Data Management Officer is responsible for oversight and policy related to the handling and utilization of data. This includes data governance, research data compliance, management of the data lifecycle, and security and access control around university datasets.