Information Security Office
Overview
The university's resource for guidance on information security compliance. We are here to help clarify what is necessary in today's rapidly changing technology environment to keep electronic information as safe, secure and protected as is reasonably possible. Depending on the type of data, compliance with specific legal requirements such as HIPAA, FERPA, PCI, etc. may also be necessary. We frequently work in conjunction with the Privacy Office, others within the Audit Services and Compliance area, I.T. Enterprise Security, and other professionals to provide guidance and keep you informed of your responsibilities in these areas.
Customer service, responsiveness and a reasonable approach to security compliance initiatives, without compromising the university's security posture, are top considerations of the Information Security Office. We work with and communicate with university constituents at all levels to ensure we are not taking an "ivory tower" approach to implementing processes necessary to reasonably assure the security of university data and maintain compliance with applicable laws and regulations. We strive to ensure that all information security initiatives are designed to provide a high level of security over information resources while preserving and enhancing system availability.
The Information Security Office's Chief Information Security Officer (CISO) is the University's Senior Information Security Officer. The CISO oversees security policies, standards, audits and evaluations, as well as university-wide information security awareness. The CISO coordinates information security compliance efforts and activities across the university. This includes university information security compliance oversight, information security strategies, as well as coordination of security efforts related to patient, provider, employee and other confidential business information covered by the Health Information Portability and Accountability Act of 1996 (HIPAA). The CISO works in concert with the University's Privacy Officer to ensure HIPAA compliance in all systems and activities. The CISO serves as the university's representative on Homeland Security issues and issues related to the USA Patriot Act.
The CISO is available to speak with your group, department, school or other university organization on a variety of information security compliance topics. Recent presentations and discussions have included "Introduction to the HIPAA Security Rule", "HIPAA and Private Practice", "Workstation Security" and "Risk Assessment: Qualitative, Quantitative or Both? Two Real Life Examples." The CISO has spoken nationally on Quantitative and Qualitative Risk Assessment, HIPAA, implementing information security policies and standards and eHealth initiatives, and regionally on these and other topics. The CISO would be glad to discuss these and other information security related matters with you or your department.
The success of the University's Information Security initiatives is not possible without the support of the University of Louisville faculty, staff and students. We maintain an open door policy and welcome all comments and suggestions regarding Information Security.
We are located at:
University of Louisville
425 W. Lee Street
Louisville, Kentucky 40208
Office: 502-852-0567
Fax: 502-852-0665
e-mail: isopol @ louisville.edu
(Remove spaces in email address, there to minimize spam)
----------------------------------------------------------
Contacts
Matthew H. Witten, MBA, CISA, CISSP, CRISC, CIRM, MCSA
Chief Information Security Officer
Office: 502-852-0567
e-mail: matthew.witten @ louisville.edu
(Remove spaces in email address, there to minimize spam)

Matt has over 10 years of IT, information security, information risk, business continuity, and disaster recovery experience in the financial, consulting, and non-profit industries. Most recently, in the Institutional Markets Division of AEGON, Matt managed numerous information risk, security, and business continuity/disaster recovery projects, as well as designed/implemented numerous security architectures for in house applications, Microsoft SharePoint, Oracle Hyperion, and SQL. Matt also worked for Fortress Network Security as their Lead Security Engineer, where he worked with various clients as a consultant designing/enhancing the network and security architectures and performing various security, network, and wireless assessments for the clients. During Matt's time at Financial Service Solutions, as their Information Security Analyst, he was part of the design and implementation of the security program, including policy and procedure design, Active Directory design and management, and security administration.

Matt has a Master of Business Administration (MBA) from Indiana Wesleyan University and a BA in History/Business Administration from Bellarmine University. He is a Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Controls (CRISC), and holds various other vendor-specific IT certifications. Matt currently resides in Louisville, KY with his family.


