PM-14 Testing, Training, Monitoring

Description

A process for organization-wide security and privacy testing, training, and monitoring helps ensure that organizations provide oversight for testing, training, and monitoring activities and that those activities are coordinated. With the growing importance of continuous monitoring programs, the implementation of information security and privacy across the three levels of the risk management hierarchy and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing assessments supporting a variety of controls. Security and privacy training activities, while focused on individual systems and specific roles, require coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.

Applicability

Texas Administrative Code Chapter 202 assigns responsibility for the protection of information resources to the President of the University.

For the purposes of this Control, the authority and responsibility regarding the university's compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).

Implementation

TAMU-CC:

  1. Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
    1. Are developed and maintained; and
    2. Continue to be executed in a timely manner;
  2. Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions; and
  3. Ensures that an IT organization is designated to provide security monitoring for all information systems, in both centralized and decentralized (distributed) IT environments, owned or managed by the University.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019