Nate Howe
May 18, 2023
UT Dallas continues to be targeted by criminals who would harm us to achieve personal gain. Therefore, it is important to reduce vulnerabilities and manage IT systems in a consistent and reasonable manner. Throughout Summer 2023, the Information Security Office (ISO) will deploy field analysts to randomly inspect computers from all schools and departments. This will help determine whether all beneficial settings and resources have been applied to make computers and the overall network safe. If misconfigurations are detected, this information will be used to increase security and further reduce risk across UT Dallas. The ISO employees will only check general settings and will not review proprietary or personal information on the computers.
The ISO operates by the motto, “Education – Partnership – Solutions” and would appreciate your help if your computer is selected for inspection. However, you may decline to participate, as you determine necessary. For additional information on this initiative, please review the memo issued by Nate Howe, Chief Information Security Officer. We’ve also added a full copy of the contents below for accessibility purposes.
As you may know, our university continues to be targeted by criminals who would harm us to achieve personal gain. Our growing stature as an environment to learn, research, and work puts systems, data, and people in the crosshairs of attackers who threaten to exploit vulnerabilities. Reducing vulnerabilities includes managing IT systems in a consistent and reasonable manner. Toward this end, my team publishes policies and standards shaped by valuable input from many stakeholders. We made significant progress reducing information security risk when recommended configurations were deployed across the IT environment. However, I remain concerned because we sometimes identify instances of non-compliance and these failures to implement leading security practices leave UT Dallas at risk.
To further identify and resolve computer security weaknesses, I have asked employees of the Information Security Office (ISO) to perform random inspection of computers with a focus on the most essential security features that are both required and well-accepted across our environment. If an ISO employee visits you, their inspection work is expected to last no more than 10 minutes and will involve checking a few settings on your computer. Not only are you welcome to monitor their work, but we welcome your cooperation in operating the computer while the ISO employee asks questions and observes settings. Examples of the configuration they will review include:
The ISO has both the authority and responsibility to perform this testing by UT Dallas UTDBP3096 and UT System Administration UTS165. However, I realize that our visit may come at a time that is disruptive to your work, or you might simply object to inspection. You have the option to kindly decline to participate at the time of the visit. You may validate the authenticity of this letter by visiting our department website at https://infosecurity.utdallas.edu/authorization/.
The following Field Analysts will be helping ISO with this project:
If you have any questions or concerns, contact David Sanzgiri or Nate Howe.