ISO Toolbox

As a system member information security officer (ISO), you are the primary point of contact for cybersecurity topics at your institution. You are always welcome to reach out to Texas A&M System Cybersecurity (TAMUS Cyber) for questions or concerns.

Quick Links

Most-used references for ISOs

• Contact TAMUS Cyber
• Subscribe to Updates
• Incident Notification

Reporting Channels

Where submissions and notifications go

• Routine reporting: submitted via OneTrust GRC
  https://tamus.my.onetrust.com/
• Incident reporting: follow the procedure in the Incident Notification guideline

Recurring Meetings

Monthly

Monthly Update Calls for ISOs

Second Thursday

Duration: 60 minutes (target 30)

Audience: Member ISOs

• Briefing items from System CISO and Cyber Operations targeting member ISOs.
• Tactical discussion opportunity among ISOs.

Quarterly

Quarterly Webinar for Info Security Community

Second Thursday (Mar, Jun, Sep, Dec)

Duration: 2 hours (target 90 for regular meetings)

Audience: Member CIOs, Member ISOs, Info security professionals

• Any vendor/external presentations are scheduled at the end of these meetings.
• Briefing items from System CISO and Cyber Operations targeting CIOs and ISOs.
• Major project/initiative presentations and discussions.
• Strategic discussion opportunity among CIOs and ISOs.

Annual

Annual Meeting for CIOs and ISOs

Day before the annual A&M System Tech Summit

Duration: 4 hours

Audience: Member CIOs, Member ISOs

• Major project/initiative presentations.
• Planning workshops and other strategic discussions.

Mailing Lists

The System Office of Cybersecurity maintains closed or limited-access mailing lists for CIOs, ISOs, and other information security professionals. You are automatically added when you are designated in your role. For a list of limited- or open-access mailing lists you may join, visit Subscribe to Updates.

Reporting Requirements

There are two flavors of reporting requirements to the A&M System, in addition to any other reporting requirements established by the Texas Department of Information Resources (DIR) or Texas Cyber Command (TXCC). For state-level reporting references, see the DIR Information Security Officers page.

Routine Annual Reporting

Scheduled submissions via OneTrust GRC

• Annual high-impact information resource inventory.
• Annual information security program report delivered to the system member CEO.
• Submitted to the System Office of Cybersecurity through OneTrust GRC:
  https://tamus.my.onetrust.com/

Incident Reporting

Notify when CIA may be compromised

• Any incident where the confidentiality, integrity, or availability of a member high-impact information system — or a system processing confidential information — is potentially compromised must be reported to the System Office of Cybersecurity.
• Requirements and procedure are documented in Incident Notification.
• This is in addition to any contacts or engagements with Texas A&M System Cyber Operations.