SKIP TO PAGE CONTENT

Information Security Controls Catalog PM-14

Last Review: 10/1/22

Statement

A process for organization-wide security and privacy testing, training, and monitoring helps ensure that organizations provide oversight for testing, training, and monitoring activities and that those activities are coordinated. Security and privacy training activities, while focused on individual systems and specific roles, require coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.

Applicability

This Control applies to all West Texas A&M network information resources. The responsibility and authority for this control is delegated to the ISO.

Implementation

IT shall provide security monitoring for all information systems owned or managed by the University.  The monitoring process shall include

  • A process ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
    • Are developed and maintained
    • Continue to be executed in a timely manner;
  • Reviews of testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Phone
Twitter
Facebook
Instagram
Mail