Office of Information Security
Dan Jones, Assistant Vice President and Chief Information Security Officer (CISO)
Chirag Joshi, Assistant Information Security Officer and HIPAA Security Officer
Leonid Balaban, IT Security Analyst
Group email address: Security@cu.edu
IT Security Principals
Campus IT security Principals (ITSPs) serve in a variety of technical and non-technical roles for a specific University campus. The IT security principals shall:
- Provide day-to-day Program management for their campus, advise Organizational Units on IT security issues, and assist the CISO with Program reviews and reporting.
- Assist Organizational Units with evaluating risks to University information and the CISO with risk management reporting.
- Assist with the preparation, approval, and maintenance of campus-specific IT security policies, procedures, and guidelines as appropriate.
- Provide guidance on implementation of unit-specific IT security policies, procedures, and guidelines as appropriate.
- Establish and manage an IT security awareness and education program for campus IT resource users and provide guidance to Organizational Units on supplementing program events with unit-specific training.
- When IT security incidents affect a single campus, lead investigations, coordinate with and issue timely reports to the Chancellor or designee, affected campus units, CISO, Legal, and others as appropriate.
|Name||Campus||Phone Number||Email Address|
|Brad Judy||System Administration||303-860-4293||Brad.Judy@cu.edu|
Security Advisory Committee
The Security Advisory Committee (SAC) provides oversight of and support for the IT Security Program and is composed of members representing a cross section of the University community. SAC members are appointed by the President or designee.
- Advise, inform, and coordinate with the CISO as appropriate to promote and support the Program and to ensure that Program requirements reflect and support the functional requirements, external requirements, and the mission of the University.
- Advise the President and the CISO as appropriate to ensure that University-wide IT security policies, procedures, and guidelines reflect and support the functional requirements, external requirements, and the mission of the University.
- In collaboration with the CISO advise the University President and Chancellors on risk management decisions and Program direction to ensure alignment with University objectives.
|Vice President, Employee and Information Services||Jill Pollock||Jill.Pollock@cu.edu|
|Senior Vice Chancellor and Chief Financial Officer, CU - Boulder||Kelly Fox||Kelly.Fox@Colorado.EDU|
|Alternate representative to Senior Vice Chancellor and Chief Financial Officer - Senior Associate Vice Chancellor for Budget, Finance and Enrollment Services, CU - Boulder||Steve McNallyfirstname.lastname@example.org|
Associate Vice Chancellor for Budget and Finance, Denver/AMC
|Senior Executive Vice Chancellor for Administration & Finance, UCCS||Brian Burnettemail@example.com|
|Associate Vice President, Business Operations, System Administration||Geoff Barschfirstname.lastname@example.org|
|Chief Technology Officer, UCCS||Jerry Wilson||Jwilson@uccs.edu|
|Associate Vice Chancellor for Information Technology, CU-Boulder||Larry Levine||Larry.Levine@colorado.edu|
Associate Vice President and Chief Information Officer, UIS
|Assistant Vice Chancellor for Information Technology Services, Denver/AMC||Russell Poole||Russell.Poole@ucdenver.edu|
|Legal Counsel||Erica Westonemail@example.com|
|Assistant Vice President and Chief Information Security Officer/CU-Boulder IT Security Principal||Dan Jones||Dan.Jones@colorado.edu|
|CU-Denver and Anschutz Medical Campus (AMC) IT Security Principal||Sean Clark||Sean.Clark@ucdenver.edu|
|UCCS IT Security Principal||Greg Williamsfirstname.lastname@example.org|
|System IT Security Principal||Brad Judy||Brad.Judy@cu.edu|
|Director Internal Audit (Ex-offico member)||Kevin Sisemore||Kevin.Sisemore@cu.edu|
|Alternate representative to Director of Internal Audit - Senior IT Audit Manager||Jim Dillonemail@example.com|
Chief Information Officer/Chief Technology Officer
1. The CIO/CTO is an individual designated by the Chancellor on each campus with oversight authority for all IT operations on that campus. These individuals have the authority to enforce the requirements of University and campus policies for information security.
2. Authorize new IT operations, shut down IT operations that are out of compliance with policy, or transfer management of those operations to a department or service provider with the requisite capabilities.
|Russell Poole||CU-Denver and AMC||Russell.Poole@ucdenver.edu|
|Robert Weir||System Administration||Bob.Weir@cu.edu|