University Information Security (InfoSec)


The University of Virginia Information Security office (InfoSec) supports the mission of the University by focusing on the continuous enhancement of information policies and security of UVA's diverse and decentralized computing environment.  InfoSec works in partnership with units and individuals across the University to formulate IT policies, standards, and procedures; assess security risks; establish strategic direction; provide security education and training; implement security safeguards; track security incidents; and oversee the annual risk assessment process to evaluate the effectiveness of IT security controls within the IT environments of all UVA departments. This department also provides information security consultation, guidance, and investigative support to the UVA community.

The UVA Information Security office reports to the Office of the Chief Information Officer (CIO).


Jason C. Belford, Chief Information Security Officer (CISO)
(434) 924-4165

Michael Grinnell, Deputy Chief Information Security Officer (DCISO)
(434) 924-7748

Dale Dew, Director of Information Security Engineering

Brian Davis, Director of Information Security Operations
(434) 243-8707

Tim F. Tolson, Director of IT Policy and Compliance
(434) 243-6592

InfoSec Areas

Information Security Engineering

The Information Security Engineering group designs and implements information security architecture to protect UVA's internal network and resources from unauthorized access. By utilizing the latest in Information Security technologies, participating in threat intelligence services, and maintaining connections with a variety of Higher Education Information Security organizations, the information security engineers stay abreast of trends in the cybersecurity threat landscape and mitigate these threats by implementing applicable solutions and tools in a proactive manner to maintain the security of UVA IT resources.

This group can be reached by sending an email to

Information Security Operations

The Information Security Operations group maintains the security of the UVA computing environment, focusing on data minimization, security awareness promotion and training, security incident response, and departmental security liaison activities.

• Information Security Analysts monitor multiple threat intelligence sources, logs, and tools, responding to any incident identified. They also facilitate sensitive data scanning and remediation, web application vulnerability scanning and remediation, and security consultations.

• Information Security Liaisons serve as InfoSec's representatives to schools, departments, and units, providing information security analysis, implementation, reporting and communication activity in support of University-wide technical solutions.

This group can be reached by sending an email to

Information Technology Policy and Compliance

The Information Technology Policy & Compliance team within InfoSec is responsible for developing information technology policies, standards, and procedures and ensuring compliance with those policies. This team conducts information security reviews of all new projects involving the use or storage of highly sensitive UVA data, responds to UVA policy exception, Shibboleth (NetBadge), and business continuity information access requests, and oversees annual risk management assessments for all departments and other unit areas within the University. The IT Policy and Compliance group provides support to departments, guiding them towards compliance with UVA information technology resource policies.

• Security Education & Awareness conducts all information security education and outreach programs such as employee awareness training, speaker series, phishing simulation exercises, and awareness marketing.

This team can be reached by sending an email to

Contacting University Information Security (InfoSec):

2400 Old Ivy Road
P.O. Box 400898
Charlottesville, VA 22904
Email: UVA Information Security office

Report an Information Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form