ensures that UTMB information resources are being adequately secured, based on risk management, as directed by the CAO or the IRM acting on delegated authority for risk management decisions.