About
The University of Virginia Information Security office (InfoSec) supports the mission of the University by focusing on the continuous enhancement of information policies and security of UVA's diverse and decentralized computing environment. InfoSec works in partnership with units and individuals across the University to formulate IT policies, standards, and procedures; assess security risks; establish strategic direction; provide security education and training; implement security safeguards; track security incidents; and oversee the annual risk assessment process to evaluate the effectiveness of IT security controls within the IT environments of all UVA departments. This department also provides information security consultation, guidance, and investigative support to the UVA community.
The UVA Information Security office reports to the Office of the Chief Information Officer (CIO).
LEADERSHIP
Michael Grinnell, Interim Chief Information Security Officer (Interim CISO)
[email protected]
(434) 924-7748
Michael Grinnell, Deputy Chief Information Security Officer (DCISO)
Interim Information Security Officer – Engineering and Operations
[email protected]
(434) 924-7748
Brian Davis, Information Security Officer – Governance, Risk and Compliance
[email protected]
(434) 243-8707
Dale Dew, Director
[email protected]
(434) 924-7525
InfoSec Areas
Engineering and Operations
Information Security Engineering
The Information Security Engineering team designs and implements information security architecture to protect UVA's internal network and resources from unauthorized access. By utilizing the latest in Information Security technologies, participating in threat intelligence services, and maintaining connections with a variety of Higher Education Information Security organizations, the information security engineers stay abreast of trends in the cybersecurity threat landscape and mitigate these threats by implementing applicable solutions and tools in a proactive manner to maintain the security of UVA IT resources.
This team can be reached by sending an email to [email protected].
Information Security Operations
The Information Security Operations team maintains the security of the UVA computing environment, focusing on data minimization and security incident response. They monitor multiple threat intelligence sources, logs, and tools, responding to any incident identified. They also facilitate sensitive data scanning and remediation, web application vulnerability scanning and remediation, and security consultations.
This team can be reached by sending an email to [email protected].
Governance, Risk, and Compliance
Information Technology Policy
The Information Technology Policy team is responsible for developing and updating UVA's IT policies, standards, and procedures to keep them current with the changing information security landscape.
This team can be reached by sending an email to [email protected].
Information Security Compliance
The Information Security Compliance team is responsible for coordinating efforts across the University to meet the existing requirements, regulations, and review standards to which UVA departments are accountable. As part of these activities, the Compliance team facilitates some risk review functions such as the ones described in the University Data Protection Standards regarding the vendor security review requirement for the storage of University data in a cloud environment.
This team can be reached by sending an email to [email protected].
Information Security Services and Engagement
The Services and Engagement team manages the 2-Step Login (2FA/Duo), VPN Assessment (Opswat), and Vulunerabilty Management (Qualys) services. Part of its engagment efforts includes the Information Security Liaison, who serves as InfoSec's representative to schools, departments, and units, providing information security analysis, implementation, reporting and communication activity in support of University-wide technical solutions. Contact the team regarding these matters by sending an email to [email protected].
In addition, the Services and Engagement team conducts information security education and outreach programs such as the required Information Security Awareness Training and High Security Awareness Training for HSVPN users. It also conducts employee awareness training, speaker series, phishing simulation exercises, and cybersecurity awareness. Contact the team regarding these matters by sending an email to [email protected].
Contacting University Information Security (InfoSec):
918 Emmet Street
P.O. Box 400898
Charlottesville, VA 22904
Email: UVA Information Security office