The Information Security Team protects the confidentiality, integrity, and availability of the College's data and information systems by providing proactive security expertise, creating and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance.
The Team's mission is to safeguard the confidentiality, integrity, and availability of college systems, identity, and data assets by providing proactive security enhancements, maintaining and advancing a secure infrastructure, and fostering a culture of security awareness and compliance throughout the organization.
Policy Management: Information Security works with stakeholders within the organization to define, document, approve, publish, and create awareness about Trinity’s information technology policies, procedures, and work practices.
Awareness and Education: Information Security is responsible for delivering relevant information security knowledge to defined, targeted audiences throughout Trinity to raise awareness of risks and influence behavior so the likelihood of those risks is minimized. The methods used to create this awareness include computer-based learning modules, departmental and one-on-one educational opportunities, webinars, and videos.
Vulnerability Management: Information Security identifies, assesses, and tracks the resolution of security weaknesses throughout the institution. The vulnerability assessment process is a function of regular vulnerability scanning, penetration testing, Security Incident Event Management (SIEM) log analysis, risk assessments, and targeted IT security assurance audits.
Risk Assessment: Information Security is responsible for conducting security reviews and risk assessments of IT-related purchases, projects, vendors, and contracts. Information Security works within the procurement approval cycle to assess and approve exceptions to Trinity-supported products and services. The primary instrument used to initiate these security reviews is the IT Security Questionnaire (link coming soon).
Regulatory Compliance: Information Security works closely with various operating units at Trinity to meet their regulatory compliance and attestation obligations related to FERPA, GLBA, PCI-DSS, and HIPAA. Information Security collaborates with departments in developing system security plans and monitors adherence to established policies and procedures.
Incident Response: Information Security oversees the Trinity incident response program and orchestrates each incident response and post-incident review. When an incident is detected, Information Security identifies the appropriate incident handler(s) and coordinates the resources needed, external or internal, to address the threat. Information Security guides each incident response from a best practice perspective and ensures post-incident reviews are conducted to examine and determine root causes and the quality of the response and confirm if remedial action is necessary. Regarding the overall incident response program, Information Security coordinates incident response training to develop the appropriate skill sets throughout all the Trinity disciplines to respond to various threats as they arise. The responsibility for remediating vulnerabilities rests with the Trinity Infrastructure and Applications units.
Business Continuity and Disaster Recovery Management: Information Security ensures that all BC/DR plans are documented and periodically tested. During these tests, Information Security monitors all failures and ensures they are remediated, and any deficiencies are formally addressed promptly. Information Security also is responsible for regularly updating the Business Impact Analysis report that ranks the criticality of all Trinity applications and services along with an RPO (recovery point objective) and RTO (recovery time objective). In the case of an actual declaration, responsibility for executing the BC/DR plan(s) belong to the respective operating units within LITS and the institution.