Information Security Office

Overview

The university's resource for guidance on information security. We are here to help clarify what is necessary in today's rapidly changing technology environment to keep electronic information as safe, secure and protected as is reasonably possible.  Depending on the type of data, compliance with specific legal requirements such as HIPAA, FERPA, the USA Patriot Act, etc. may also be necessary.  We frequently work in conjunction with the Privacy Office, Audit Services, I.T., Facility Security Officer and others to provide guidance and keep you informed of your responsibilities in these areas.

Customer service, responsiveness and a reasonable approach to security initiatives without compromising the university's security posture are top considerations of the Information Security Office. We work with and communicate with university constituents at all levels to ensure we are not taking an "ivory tower" approach to implementing processes necessary to reasonably assure the security of university data and maintain compliance with applicable laws and regulations. We strive to ensure that all information security initiatives are designed to provide a high level of security over information resources while preserving and enhancing system availability.

The Information Security Office's Chief Information Security Officer (CISO) is the University's Senior Information Security Officer.  The CISO oversees security policies, standards, evaluations, and university-wide security awareness. The CISO coordinates information technology security efforts and activities across the university. This includes information security strategies, security architecture and global function oversight as well as coordination of security efforts related to patient, provider, employee and other confidential business information covered by the Health Information Portability and Accountability Act of 1996 (HIPAA). The CISO works in concert with the University's Privacy Officer to ensure HIPAA compliance in all systems and activities. The CISO serves as the university's representative on Homeland Security issues and issues related to the USA Patriot Act.

The CISO is available to speak with your group, department, school or other university organization on a variety of information security topics. Recent lectures and discussions have included "Introduction to the HIPAA Security Rule", "HIPAA and Private Practice", "Workstation Security" and "Risk Assessment: Qualitative, Quantitative or Both? Two Real Life Examples." The CISO has spoken nationally on Quantitative and Qualitative Risk Assessment, HIPAA, implementing information security policies and standards, and eHealth initiatives, and regionally on these and other topics. The CISO would be glad to discuss these and other information security related matters with you or your department.

The success of the University's Information Security initiatives is not possible without the support of the University of Louisville, faculty, staff and students. We maintain an open door policy and welcome all comments and suggestions regarding Information Security.

We are located at:

University of Louisville
MedCenter One Building
501 East Broadway Suite 110
Louisville, Kentucky 40202

Office: 502-852-4363
Fax: 502-852-3855

e-mail: Bruce.Edwardsjr @ louisville.edu
(Remove spaces in email address, there to minimize spam)

----------------------------------------------------------

Contacts

Bruce W. Edwards, CISM, CISA, CIA, FLMI
Chief Information Security Officer
Office: 502-852-4363
e-mail: Bruce.Edwardsjr @ louisville.edu
(Remove spaces in email address, there to minimize spam)
Bruce has 23 years of audit, security and training experience in the Life Insurance, Utilities, Education & Health Insurance industries. He designed the statistically driven Agency Field Audit risk assessment model still in use at Monumental Life Insurance (aka Capital Holding Agency Group, Providian, AEGON). He trained office administrators throughout the eastern U.S. and worked as Senior I.S. Auditor at Louisville Gas & Electric and the University of Louisville (UofL). Bruce also worked as an IT Security Consultant at Humana Inc, where he was Project Manager for the HIPAA Risk Assessment, Management and Evaluation effort among other duties before returning to UofL as Chief Information Security Officer. Bruce has also been involved in various system roll-outs over the years, including Providian's Field Collection System and UofL's PeopleSoft Financials Implementation, where he provided security consultant, system auditor, QA testing and other services. Bruce holds a BS in Industrial Management from the Georgia Institute of Technology (Georgia Tech), is working on his Master of Public Health (MPH) with concentration in Health Management and Systems Sciences at UofL's School of Public Health and Information Sciences and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and a Fellow in the Life Management Institute (FLMI). He resides with his family in Louisville, KY.

Matthew H. Witten, MBA, CISSP, CIRM, MCSA
Information Security Compliance Analyst
Office: 502-852-3857
e-mail: matthew.witten @ louisville.edu
(Remove spaces in email address, there to minimize spam)
Matt has over 8 years of IT, information security, information risk, business continuity, and disaster recovery experience in the financial, consulting, and non-profit industries. Most recently, in the Institutional Markets Division of AEGON, Matt managed the information risk, security, and business continuity/disaster recovery projects, as well as designed/implemented numerous security architectures for in-house applications, Microsoft SharePoint, Oracle Hyperion, and SQL. Matt also worked for Fortress Network Security as their Lead Security Engineer, where he worked with various clients as a consultant designing/enhancing the network and security architectures and performing various security, network, and wireless assessments for the clients. During Matt's time at Financial Service Solutions, as their Information Security Analyst, he was part of the design and implementation of the security program, including policy and procedure design, Active Directory design and management, and security administration. Matt has a Master of Business Administration (MBA) from Indiana Wesleyan University and a BA in History/Business Administration from Bellarmine University. He is a Certified Information Systems Security Professional (CISSP), Certified Identity Risk Manager (CIRM), Microsoft Certified Systems Administrator (MCSA), and holds various other vendor-specific IT certifications. Matt currently resides in Louisville, KY with his family.

10/27/2008
University of Louisville Selects GuardianEdge to Protect Sensitive Data for Faculty, Staff, Doctors and Researchers

  • GuardianEdge, the leader in enterprise endpoint data protection, today announced that the University of Louisville has selected the GuardianEdge Hard Disk Encryption, Smartphone Protection and Device Control solutions to safeguard data for faculty and staff, doctors and researchers.


10/20/08
Fourth Annual Cyber-Security Awareness Week was a BIG Success!


08/25/08
Safe computing starts with knowing the rules of the road (InfoSec Bulletin #7 - August 25, 2008)


08/20/07
Information Security Policies and Standards Approved: