Information Security Resources (PM-3)

Description

Texas Administrative Code (TAC), Rule §202.70(2) requires the head of each state institution of higher education or his/her designated representative(s) to allocate resources for ongoing information security remediation, implementation, and compliance activities that reduce risk to a level acceptable to the institution head.

Applicability

This Control applies to the University Vice President for Information Technology & Chief Information Officer (CIO) working in cooperation with university administrative management and the University CISO.

Implementation

1
It is the responsibility of the University President or designee (i.e., CIO) to:
- 1.1
  ensure that capital planning and investment requests include the resources needed to implement the information security program and document exceptions to this requirement.
- 1.2
  employs a business case to record the resources required; and
- 1.3
  ensures that information security resources are available for expenditure as planned.

Program Management (PM)

Information Security Resources (PM-3)

Description

Applicability

Implementation

Need Help with IT Policy?

Support

FAQs

Glossary