Implementing Information Security Governance: A Real-Life Example

Presenter: Bruce Edwards, President, ISACA - Wellington Chapter

Implementing information security governance in a way that effectively and suitably increases trust within and reduces risk to the organisation is a challenge for many organisations. A sound governance foundation can set the tone and empower information security effectiveness.

In this session, Bruce will discuss his experience as Chief Information Security Officer at the University of Louisville (in Louisville, Kentucky, USA); a position he held for nearly six years from the position's establishment and how sound Information Security governance was a key to effectively moving the university's information security program forward.

We will review the university's background that lead to the establishment of the CISO role, the reporting relationship of the CISO within the university, and how this positioning facilitated success at significantly increasing trust and reducing risk by changing the approach to information security within the university and lead to buy-in and support of the vast majority of stakeholders as information security was aligned with the university's enterprise strategy and long term vision. We will also see some examples of efforts within the information security program and how these tied back to overall governance and support of the university's strategic vision.

Bruce has over 25 years information security, audit and training experience in the public and private sectors including life insurance, health insurance, government, university and utilities sectors and has performed both operational and advisory roles.

Bruce is currently Manager, Information Systems Audit and Assurance at Audit New Zealand and is based in Wellington, New Zealand. Immediately before moving to New Zealand from the U.S.A. in 2010, Bruce was the CISO at the University of Louisville, a position he held for nearly six years where he lead successful projects on eHealth security compliance, information security training and awareness, risk management and assessment, policy and standards redesign/adoption, business owner engagement, research facility security compliance and staff education, among many other efforts.

In the U.S., Bruce was a member of the Kentucky eHealth Network Privacy and Security Subcommittee, the Louisville Health Information Exchange, the Health Care Compliance Association (HCCA) and the Health Information Security and Policy Collaboration Project (HISPC). He is President of ISACA's Wellington chapter and has been involved with ISACA boards/committees first in Louisville, Kentucky and then in Wellington since 1999. He has spoken or instructed at National and International Conferences or events in New Zealand, Australia and the United States from 2005 to the present on implementing information security programmes, practical information security policies and standards, and other audit, risk and compliance topics.

Bruce completed his Masters in Public Health in 2010 and maintains CISM, CISA, CRISC, CIA and Prince2 Practitioner qualifications.

Please click here to RSVP via email to Andrew Simpson

RSVP date: 16 November