Information Security Strategy

This project sought to define our desired future state and create an information security strategy and roadmap for the next 10 years. The project was completed in July 2022.

As WVU prepares for a major modernization initiative, it is an opportune time to reevaluate the information security strategy and roadmap. The objective is to manage the institution’s risk by complying with regulatory requirements and taking a risk-based approach to defending against, detecting and responding to threats.

Phase 1: Assessment

Conduct a current state assessment to understand current strengths and gaps across organizational capabilities and governance, technology (including security controls and architecture), funding and administration.

Phase 2: Strategy

Design the future state of the information security program and develop a strategy that guides the University to that future state.

Phase 3: Create a Roadmap

Create a prioritized, multi-year roadmap to achieve the desired future state.

Phase 4: Design

Complete an organizational review and design an information security organization to support the future state program.

  • Todd Witter, Team Lead and Technical Program Manager for Strategic Partnerships
  • John Lympany, Director of Information Technology, John Chambers College of Business and Economics
  • Farhan Ahmed, Assistant Vice President and Chief Technology Officer, West Virginia United Health Services
  • James Bardes, Assistant Professor, WVU School of Medicine
  • Rosemary Casteel, Director of Research Integrity and Compliance
  • Toni Christian, Director of Benefits Strategy
  • Kim Foley, Director, Payroll and Employee Processing Services
  • Nathan Garver-Daniels, Research Corp. Employee for Research Computing
  • Lydia Greaser, Director of Information Security, Health Sciences Information Technology Services
  • Chris Griffin, Assistant Professor, CEMR Mechanical and Aerospace
  • Michael Hu, Assistant Professor, WVU School of Medicine
  • Wade Huebsch, Professor, CEMR Mechanical and Aerospace
  • David Kosslow, Assistant Vice President for Finance Operations
  • Brent McCusker, Chairperson for Geology and Geography
  • Tom Moran, Director of Information Technology for the College of Arts and Sciences
  • Tareva Palmer, Chief Information Security Officer, West Virginia United Health Services
  • Laurie Pollock, Assistant Director and ITS Business Analyst
  • Rick Pritt, Professional Technologist, CEMR Mineral Sciences
  • Chris Ramezan, Assistant Professor, John Chambers College of Business and Economics
  • James Simpkins, Professor, WVU School of Medicine
  • Mike Spooner, Associate General Counsel, Office of General Counsel
  • Sarah Seime, Director of Employee Relations
  • Matthew Valenti, Professor, CEMR Computer Science and Electrical

Information Security Strategy Project Timeline

| Timeframe | Work to Complete | Status |
| --- | --- | --- |
| Early April 2022 | Project Kickoff | Complete |
| April-May 2022 | Identify gaps between current/desired states and design future state | Complete |
| May-June 2022 | Review and refine future state roadmap with leadership and key stakeholders | Complete |

The Information Security Strategy project's Design Team has created and reviewed a multi-year strategic roadmap. It includes an updated mission and vision, as well as recommendations on organizational design to support the future program.

Mission and Vision

Mission: The mission of West Virginia University's information security program is to advance and empower the University’s teaching, learning, research and service pursuits by safeguarding its information assets from threats and ensuring the confidentiality, integrity, and availability of its systems and data.

Vision: To support and catalyze West Virginia University’s vision of advancing knowledge and bringing valued solutions to real-life problems in the areas of education, healthcare and prosperity, the institution’s information security program will become a strategic asset that anticipates the future of information security, balances security requirements with the need to innovate and experiment and promotes education and awareness for information security to advance a culture of shared responsibility across the university's diverse community.

Guiding Principles

  • One Unified Information Security Program: Align to a single information security program that ensures consistency, scalability and efficient use of resources, while recognizing the need to support teaching, learning and research.
  • Shared Responsibility: Enable all University stakeholders to build a culture of information security by increasing awareness and offering education.
  • Ensure Security, Prioritize Usability: Implement security controls based on risk and avoid controls that introduce unnecessary complexity or do not add value.
  • Continuous Improvement: Continuously measure program effectiveness for opportunities to improve, cultivate security excellence and anticipate the future.
  • Minimize the Attack Surface: Reduce redundant services that expand attack surface, introduce complexity or reduce efficiencies.
  • Regulatory Compliance: Comply with federal, state and local laws and any contracts, agreements or University policies that require WVU to deploy security safeguards, and do so in a cost-effective manner.

Strategic Goals

  1. Align current information security activities into a unified security program that supports WVU's overall mission.
  2. Develop a culture of information security.
  3. Implement a risk-based strategy.
  4. Improve resilience capabilities and business continuity planning for WVU's information assets.
  5. Enhance information security support for research.
  6. Strengthen security fundamentals.
  7. Improve Identity and Access Management.

Looking Forward

Senior management will prioritize options within the roadmap to determine when to launch initiatives that will continue to drive WVU’s Information Security program forward.