
Information Security Office

The Information Security Office

Overview

The university's resource for guidance on information security. We are here to help clarify what is necessary in today's rapidly changing technology environment to keep electronic information as safe, secure and protected as is reasonably possible.  Depending on the type of data, compliance with specific legal requirements such as HIPAA, FERPA, the USA Patriot Act, etc. may also be necessary.  We frequently work in conjunction with the Privacy Office, Audit Services, I.T., Facility Security Officer and others to provide guidance and keep you informed of your responsibilities in these areas.

Customer service, responsiveness and a reasonable approach to security initiatives, without compromising the university's security posture, are top considerations of the Information Security Office. We work with and communicate with university constituents at all levels to ensure we are not taking an "ivory tower" approach to implementing processes necessary to reasonably assure the security of university data and maintain compliance with applicable laws and regulations. We strive to ensure that all information security initiatives are designed to provide a high level of security over information resources while preserving and enhancing system availability.

The Information Security Office's Chief Information Security Officer (CISO) is the University's Senior Information Security Officer. The CISO oversees security policies, standards, evaluations, and university-wide security awareness. The CISO coordinates information technology security efforts and activities across the university. This includes information security strategies, security architecture and global function oversight as well as coordination of security efforts related to patient, provider, employee and other confidential business information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The CISO works in concert with the University's Privacy Officer to ensure HIPAA compliance in all systems and activities. The CISO serves as the university's representative on Homeland Security issues and issues related to the USA Patriot Act.

The CISO is available to speak with your group, department, school or other university organization on a variety of information security topics. Recent lectures and discussions have included "Introduction to the HIPAA Security Rule", "HIPAA and Private Practice", "Workstation Security" and "Risk Assessment: Qualitative, Quantitative or Both? Two Real Life Examples." The CISO has spoken nationally on Quantitative and Qualitative Risk Assessment, HIPAA, implementing information security policies and standards, and eHealth initiatives, and regionally on these and other topics. The CISO would be glad to discuss these and other information security related matters with you or your department.

The success of the University's Information Security initiatives is not possible without the support of the University of Louisville, faculty, staff and students. We maintain an open door policy and welcome all comments and suggestions regarding Information Security.

We are located at:

University of Louisville
MedCenter One Building
501 East Broadway Suite 110
Louisville, Kentucky 40202

Office: 502-852-4363
Fax: 502-852-3855

e-mail: Bruce.Edwardsjr @ louisville.edu
(Remove spaces in email address, there to minimize spam)

----------------------------------------------------------

Contacts

Bruce W. Edwards, CISM, CISA, CIA, FLMI
Chief Information Security Officer
Office: 502-852-4363
e-mail: Bruce.Edwardsjr @ louisville.edu
(Remove spaces in email address, there to minimize spam)

Bruce has 22 years of audit, security and training experience in the Life Insurance, Utilities, Education & Health Insurance industries. He designed the statistically driven Agency Field Audit risk assessment model still in use at Monumental Life Insurance (aka Capital Holding Agency Group, Providian, AEGON). He trained office administrators throughout the eastern U.S. and worked as Senior I.S. Auditor at Louisville Gas & Electric and the University of Louisville (UofL). Bruce also worked as an IT Security Consultant at Humana Inc, where he was Project Manager for the HIPAA Risk Assessment, Management and Evaluation effort among other duties before returning to UofL as Chief Information Security Officer. Bruce has also been involved in various system roll-outs over the years, including Providian's Field Collection System and UofL's PeopleSoft Financials Implementation, where he provided security consultant, system auditor, QA testing and other services. Bruce holds a BS in Industrial Management from the Georgia Institute of Technology (Georgia Tech), is working on his Master of Public Health (MPH) with concentration in Health Management and Systems Sciences at UofL's School of Public Health and Information Sciences, and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and a Fellow in the Life Management Institute (FLMI). He resides with his family in Louisville, KY.

Latest News & Updates

10/04/07
THIRD NOTICE Changes to Privacy, Security, and HSC Compliance Training


09/05/07
Third Annual Cyber-Security Awareness Week
and Grill the ISO Cook-outs!

Week of October 1-5, 2007


08/20/07
Information Security Policies
and Standards Approved:


 
