Information Security
Information Security at Texas Woman’s University works to protect institutional data, systems, and accounts by managing authentication, conducting audits, preventing phishing attacks, and reducing cybersecurity risks across the university. The team collaborates with ITS and other departments to ensure secure technology operations and compliance with state requirements.
Areas of Expertise
Below is a list of some of Information Security’s areas of expertise:
Governance, Risk, and Compliance (GRC)
- Enterprise Information Security Policy (URP) development, review, and lifecycle management
- Ensure alignment with regulatory and control frameworks:
  - TAC §202, Texas Cybersecurity Framework, NIST SP 800-53, ISO 27001
- Control mapping and implementation guidance across university operations
- Legislative and regulatory monitoring (state and federal cybersecurity)
- Exception and risk acceptance management (documentation, tracking, approvals)
- Development of security standards, procedures, and supporting documentation
Risk Management & Vendor Security
- Risk assessments for software acquisitions and systems
- Third-party/vendor risk evaluation (e.g., HECVAT, SOC 2, ISO 27001 review)
- Risk-based decision support for procurement and system implementation
- Continuous reassessment based on changes in system use or security posture
Audit, Assurance, and Reporting
- Coordination and support for internal and external audits
- Development of audit-ready documentation and evidence
- Execution and reporting for:
  - Texas Cybersecurity Framework assessments
  - Compliance audits and control validation
- Liaison between auditors, stakeholders, and technical teams
Security Awareness and Training
- Phishing simulation campaigns
- Development and delivery of security awareness and training programs
- Training tracking, metrics, and reporting to the State of Texas
- Campus-wide engagement initiatives:
  - Cybersecurity Awareness Month activities
  - E-waste recycling events
  - Information booths, campaigns, and social media outreach
Data Protection & Privacy
- Data Loss Prevention (DLP) strategy, implementation, and monitoring
- Email security and protection of sensitive data (PII/PHI)
Identity & Access Management (IAM)
- Access control governance aligned with least privilege principles
- Oversight of:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- User provisioning/deprovisioning processes
- Access request workflows and governance
Threat Detection & Security Operations Support
- Oversight and coordination of:
  - Phishing response and mitigation
- Support for:
  - SIEM (Security Information and Event Management)
  - EDR (Endpoint Detection and Response)
- Collaboration with technical teams on threat detection and response improvements
Infrastructure & Technical Security Support
- Security guidance for technical implementations and architecture
- SSL certificate management and secure configuration support
- Email protection technologies (e.g., filtering, anti-phishing controls)
- Secure configuration and baseline recommendations
Information Security Team Introductions
- Associate Director / Information Security Officer (ISO): Niki Peyton
- Senior Information Security Analyst: Sara “D'Ann” Jackson
- Security Operations Lead: Vacant
- Security Engineer: Chris Knorr
Information Security Factbook
- Out of roughly 150 million emails delivered across TWU email, 62 million were identified as threats last year alone.
- 600+ risk assessments completed each year
- Around 3,000 assets (work laptops, servers, and network devices such as routers and switches) monitored for threats
- Roughly 72,000 threats were quarantined on TWU-owned devices last year
- TWU has a Texas Cybersecurity Framework score of 3.02. All state agencies have an average score of 2.54, while all higher education agencies in the state have an average score of 2.83.
Announcements
November 21, 2024
Guidance for Use of Artificial Intelligence
The Texas Department of Information Resources (DIR) released guidance on responsible use of artificial intelligence (AI) systems. While these tools potentially offer significant efficiencies and value to state agencies, they also carry inherent risks that can be particularly perilous in the public sector. As a state agency, Texas Woman's University will follow state guidance. Key factors include the following:
Risks that agencies should consider include:
- Lack of Transparency and Accountability
- Data Privacy and Security Concerns
- Inaccurate Outputs
- AI Manipulation
- Bias and Fairness
Given these risks, it is critical that state agencies implement AI responsibly. Risk mitigation strategies could include:
- Be transparent about the utilization of AI tools, particularly when members of the public interact with them.
- Understand to what extent the tools access and use agency-owned data and ensure that the appropriate access controls are in place to restrict the use of personally identifiable information (PII) or any sensitive data within the AI tool. Limit and review who can upload, modify, or delete data that AI systems reference and implement strong data governance policies to ensure appropriate access controls.
- Include a human review of the outputs for factual accuracy and establish processes for employees to regularly monitor the outputs and modify usage of the tools as needed to ensure they have a positive impact on agencies and the Texans we serve.
- Develop AI policies and governance frameworks, such as the NIST AI Risk Management Framework, to ensure the responsible adoption and use of AI.
- Before procuring a tool, include agency security and privacy subject matter experts, and any other internal stakeholders with an interest in the tool, to ensure the necessary perspectives are given an opportunity to weigh in on its risks and benefits to the agency.
Additionally, as state agencies adopt new AI tools, they should consider the records retention and Public Information Act (PIA) implications of deploying AI tools that generate high volumes of new data. Establishing and operationalizing retention policies for the data generated by AI tools may help alleviate costs associated with storage as well as voluminous responses to PIA requests.
Finally, please be aware that the 89th Legislative Session will likely introduce new laws and regulations aimed at governing the use of AI in the public sector. Any applications or systems you select now may be subject to future regulatory requirements, and it is important agencies keep this in mind when purchasing AI tools.
Tools and resources
- Check if a link is malicious – https://urlscan.io/
- Current email scams – https://www.consumer.ftc.gov/features/scam-alerts
- Recognize and avoid phishing scams – https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Page last updated 9:31 AM, July 2, 2026
