The Texas Department of Information Resources (DIR) has proposed allowing state and regional agencies to share their dedicated information security officers (ISOs) with colleges and universities.
The recommendation, outlined in the agency’s 2022 Biennial Performance Report, noted that state law requires each state agency and higher ed institution to designate an ISO but does not permit agencies or institutions to designate a joint ISO as a shared resource.
The department’s report said that changing this policy to allow the sharing of IT security expertise could help colleges and universities with limited resources that are struggling to fill cybersecurity administrative roles and retain personnel.
According to the state’s Chief Information Security Officer Nancy Rainosek, the recommendation generally aims to help smaller agencies and institutions with less staff and funding access the expertise needed to secure growing networks amid an increase in digital learning and telework.
“Unlike large state agencies and institutions of higher education, the smaller agencies don’t usually have the resources to dedicate staff to tackle security full-time, and their ISOs are wearing multiple hats, such as network administrator or IT manager,” Rainosek wrote via email. “Having the ability to ‘share’ ISOs between organizations would provide a person that was focused on ensuring security is a priority at those smaller agencies. Public junior colleges may also benefit from a program like this.”
Furthermore, Rainosek said that allowing universities, colleges and other agencies to share cybersecurity expertise could bolster network security as cyber attacks against government entities become both more frequent and sophisticated. The need is particularly important for colleges and universities battling costly data breaches and cyber attacks, such as a hacker attack against the University of Texas at El Paso last year that shut down networks for days.
“Information security threats are ever evolving and increasing for the public and private sector in general,” Rainosek said. “The goal is to equip the Texas public sector to be prepared to thwart attacks.”
This article is excerpted from a longer report in Government Technology, sister publication to Industry Insider — Texas.
Agency Recommends Sharing Information Security Officers With Higher-Ed Institutions
Doing so would particularly benefit smaller agencies and colleges.
