Office of Information Security

The Office of Information Security and Information Services Operational Security provide UTMB with a range of services to ensure the confidentiality, integrity, and availability of information resources. This document seeks to provide an overview of what UTMB’s information security program has to offer.

Catalogue of Services


  • Incident Response

    The Office of Information Security responds to a variety of computer security incidents on a daily basis. While some incidents are anticipated in advance, the reality is that many computer security events are unpredictable. Some of these incidents are discovered by our office through the course of our duties; for others, we rely on the user community to report potential incidents. You can report a potential security incident using our Report an Incident form.

  • Legal & Compliance Assistance

    The Office of Information Security works closely with other departments in the Office of Legal and Regulatory Affairs (OLRA), aiding in information collection and investigation, as well as ensuring compliance with various regulations pertaining to information resources. Such work includes:

    • Public Information Act information collection
    • Retrieval of electronic data pertinent to ongoing litigation
    • Monitoring and response of potential compliance violations in the use of information resources
    • Investigation assistance for Compliance, Legal, HR, and Police; as well as other investigations into various instances of misuse of information resources.
  • Risk Acceptance & Chance Requests

    The Office of Information Security facilitates various risk acceptance and change requests through our forms directory. These requests are reviewed by our team, taking into consideration business requirements and implications of denial/approval on UTMB operations.

  • Risk Management

    Our Risk Management program assists information resource owners in fulfillment of their role to define, approve, and document acceptable risk levels and risk mitigation strategies by facilitating risk assessments to determine inherent impact that could result from unauthorized access, use, disclosure, disruption, modification, or destruction of UTMB information or information resources.

  • Documentation & Training

    The Office of Information Security creates Policies and Standards to ensure that information and information resources are appropriately safeguarded. In addition, our office provides security awareness training to the UTMB user community.