PM-16 Threat Awareness Program
Description
Because of the constantly changing and increasing sophistication of adversaries, especially the advanced persistent threat (APT), it is becoming more likely that adversaries may successfully breach or compromise organizational information systems.
One of the best techniques to address this concern is for organizations to share threat information. This can include, for example:
- sharing threat events (i.e., tactics, techniques, and procedures) that organizations have experienced,
- mitigations that organizations have found are effective against certain types of threats, and
- threat intelligence (i.e., indications and warnings about threats that are likely to occur).
Threat information sharing may be bilateral (e.g., government-commercial cooperatives, government-government cooperatives), or multilateral (e.g., organizations taking part in threat-sharing consortia).
Threat information may be highly sensitive requiring special agreements and protection, or less sensitive and freely shared.
Applicability
Texas Administrative Code, Chapter 202 [TAC 202] assigns responsibility for the protection of information resources to the President of the University.
For the purposes of this Control, the authority and responsibility regarding the university’s compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).
Implementation
TAMU-CC implements a threat awareness program that includes a cross-organization information sharing capability. Administering an ongoing information security awareness education program for all users; and Introducing information security awareness and informing new employees of information security policies and procedures during the onboarding process. TAMU-CC implementation of this standard is incorporated into TAC 202.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019