Key personnel for information security
Jeff Springer, Chief Information Security Officer
The Chief Information Security Officer (CISO) directs staff in identifying, developing, implementing and maintaining processes across the University of Nevada, Reno to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and consults, advises and directs the establishment and implementation of policies and procedures at all levels within the organization up to and including the President. The position is responsible for campus-wide information-related compliance as it relates to federal, state, and local regulatory requirements. In addition to the information security related duties, the individual is in charge of all centralized identity management processes and systems. The CISO supervises and manages administrative IT security faculty. The position reports to the Chief Information Officer (CIO) in Information Technology.
Aaron Walker, Information Security Officer
Under the general supervision of the Chief Information Security Officer, the Information Security Officer works on fulfilling the day to day operational requirements of the Information Security unit of the Office of Information Technology (OIT). This includes being the primary coordinator for responding to cyber security incidents, managing the systems responsible for tracking and managing incidents, as well as handling related forensic investigations and follow up procedures. In addition there are duties associated with our ongoing vulnerability assessment and mitigation strategies. This position works closely with other units in OIT to assist in monitoring systems for security events and provides guidance in improving the overall security posture of the University. This position also serves as the HIPAA Security Officer for the University Medical School, clinical operations and other University covered entities.
Security awareness training: Faculty and staff have free information security awareness training available to them. Some of the topics covered in this general security awareness course include: privacy, threats, safe computing best practices, password best practices, malware, social engineering, phishing, physical security, data security, and mobile and remote computing best practices.
In addition to the free managed training available to all faculty and staff, employees can also take advantage of security awareness training through Lynda.com. Within our internal SharePoint compliance site, users are given resources to the recommended Lynda.com courses.