Office of Information Security
Dan Jones, Assistant Vice President and Chief Information Security Officer (CISO)
Sarah Braun, Assistant Information Security Officer
Leonid Balaban, IT Security Analyst
Group email address: Security@cu.edu
Information Security Officers
Campus Information Security Officers (ISOs) serve in a variety of technical and non-technical roles for a specific University campus. The ISOs shall:
- Provide day-to-day Program management for their campus, advise Organizational Units on IT security issues, and assist the CISO with Program reviews and reporting.
- Assist Organizational Units with evaluating risks to University information and the CISO with risk management reporting.
- Assist with the preparation, approval, and maintenance of campus-specific IT security policies, procedures, and guidelines as appropriate.
- Provide guidance on implementation of unit-specific IT security policies, procedures, and guidelines as appropriate.
- Establish and manage an IT security awareness and education program for campus IT resource users and provide guidance to Organizational Units on supplementing program events with unit-specific training.
- When IT security incidents affect a single campus, lead investigations, coordinate with and issue timely reports to the Chancellor or designee, affected campus units, CISO, Legal, and others as appropriate.
|Name||Campus||Phone Number||Email Address|
Security Advisory Committee
The Security Advisory Committee (SAC) provides oversight of and support for the IT Security Program and is composed of members representing a cross section of the University community. SAC members are appointed by the President or designee.
- Advise, inform, and coordinate with the CISO as appropriate to promote and support the Program and to ensure that Program requirements reflect and support the functional requirements, external requirements, and the mission of the University.
- Advise the President and the CISO as appropriate to ensure that University-wide IT security policies, procedures, and guidelines reflect and support the functional requirements, external requirements, and the mission of the University.
- In collaboration with the CISO advise the University President and Chancellors on risk management decisions and Program direction to ensure alignment with University objectives.
|Vice President, Employee and Information Services||Kathy Nesbittemail@example.com|
|Senior Vice Chancellor and Chief Financial Officer, CU - Boulder||Kelly Fox||Kelly.Fox@Colorado.EDU|
|Alternate representative to Senior Vice Chancellor and Chief Financial Officer - Vice Chancellor for Infrastructure and Safety, CU - Boulder||David Kang||David.Kang@colorado.edu|
Associate Vice Chancellor for Budget and Finance, Denver/AMC
|Senior Executive Vice Chancellor for Administration & Finance, UCCS||Susan Szpyrkafirstname.lastname@example.org|
|Associate Vice President, Business Operations, System Administration||Geoff Barschemail@example.com|
|Director Computing Services, UCCS||Kirk Moorefirstname.lastname@example.org|
|Associate Vice Chancellor for Information Technology, CU-Boulder||Larry Levine||Larry.Levine@colorado.edu|
Associate Vice President and Chief Information Officer, UIS
|Assistant Vice Chancellor for Information Technology Services, Denver/AMC||Russell Poole||Russell.Poole@ucdenver.edu|
|Legal Counsel||Erica Westonemail@example.com|
|Assistant Vice President and Chief Information Security Officer/CU-Boulder Information Security Officer||Dan Jones||Dan.Jones@colorado.edu|
|CU-Denver and Anschutz Medical Campus (AMC) Information Security Officer||Sean Clark||Sean.Clark@ucdenver.edu|
|UCCS Information Security Officer||Thomas Conleyfirstname.lastname@example.org|
|System Information Security Officer||Brad Judy||Brad.Judy@cu.edu|
|Director Internal Audit (Ex-offico member)||Kevin Sisemore||Kevin.Sisemore@cu.edu|
|Alternate representative to Director of Internal Audit - Senior IT Audit Manager||Jim Dillonemail@example.com|
Chief Information Officer/Chief Technology Officer
1. The CIO/CTO is an individual designated by the Chancellor on each campus with oversight authority for all IT operations on that campus. These individuals have the authority to enforce the requirements of University and campus policies for information security.
2. Authorize new IT operations, shut down IT operations that are out of compliance with policy, or transfer management of those operations to a department or service provider with the requisite capabilities.
|Russell Poole||CU-Denver and AMC||Russell.Poole@ucdenver.edu|
|Scott Munson||System Administration||Scott.Munson@cu.edu|