In this post, gain some insights into the work of the UNC-Chapel Hill Information Security Office as well as a few of the leaders behind that work.

First, Kevin Lanning, Executive Director and Chief Information Security Officer, explains what his division does and how his staff members accomplish this work.

Then, respectively, hear from Brian Penders, Incident Management and Digital Forensics Team Lead, and Mel Radcliffe, Risk Team Lead, about the function of their individual groups and fun facts about their work.

Meet the Director: Kevin Lanning

Title: Executive Director and Chief Information Security Officer (CISO). Lanning has worked at the University for 18 years, including 11 years in the Information Security Office (ISO) and four years as CISO.

Works at: ITS Franklin

Group: The Information Security Office includes the following functional teams: risk management, operations and outreach, incident management and forensics, network-based controls and mitigation, project management as well as architecture and consulting.

About our function: The Information Security Office advances the University’s teaching, research and public service goals by identifying and addressing risks to the confidentiality, integrity and availability of University information and systems. The ISO continuously improves the enterprise information security vision, strategy and program to ensure information assets are protected and the mission of the University is supported.

But how does the ISO really do the above? By collaborating extensively and clarifying the actions each University affiliate should take to keep our information safe, and thereby helping the University run smoothly from an information assets and systems perspective.

Lanning started making a list of the groups on which the ISO relies to do this work and it became too extensive for this format. The ISO stands on the shoulders of every person reading this post. One of the best measures of a mature information security program is the extent to which it is embedded in the fabric of the organization. Information security is not something done by the ISO; rather, it is something all affiliates do as appropriate to their role in supporting the mission of the University.

The ISO has plenty of tools that help with this work. To mention a single tool, the network firewalls block approximately 70 million unwanted (i.e., no identified business need) connection attempts per day.

With a 24x7x365 on-call rotation, one member of the ISO team is on call at all times to help protect the information assets of the University.

Our primary customers: All UNC-Chapel Hill constituents

Fun facts about our team’s work: You might be surprised at some of the personal interests of ISO staff members. Next time you see an ISO team member, consider asking about family, hobbies, interests, etc.


Meet the Team Leader: Brian Penders

Title: Incident Management and Digital Forensics Team Lead

Works at: ITS Franklin Information Security Office

Group: Incident Team

About our function: The Incident Team is the investigative arm of the Information Security Office. Information security incidents are those events that place institutional information or critical systems at risk. Our team prepares for and directs the response to those incidents when they arise. We work closely with the ITS Privacy Office and the Office of University Counsel to investigate information security incidents and recommend risk decisions to senior leadership. When requested, the Incident Team also assists with investigations initiated by UNC Police, the Office of Human Resources and Student Affairs.

The Incident Team has a full digital forensics laboratory in ITS Franklin for forensic analyses related to incident investigations as well as other data recovery needs. We examine laptop/desktop computers, external hard drives, virtual machines and mobile devices (cell phones and tablets). We also maintain contracts and coordinate with vendors for special/advanced digital forensics or data recovery needs. The Incident Team is also responsible for the deployment of Office 365 security tools and other cloud security/incident response functions.

Our primary customers: Students, faculty and staff at UNC-Chapel Hill

Fun facts about our team’s work:

  • In the last eight years, the ISO has responded to more than 1,000 information security incidents and forensically acquired/examined nearly 30 terabytes of data.
  • Our team relies heavily on the ITS Service Desk and the ITS Operations Center for security incident triage both during and after working hours.


Meet the Team Leader: Mel Radcliffe

Title: Risk Team Lead

Works at: ITS Franklin Information Security Office

Group: Information Security Office Risk Team

About our function: The Risk Team provides services in three key areas: Risk Assessments, Vulnerability Management and Compliance.

Our team works closely with customers, vendors, Procurement, Privacy, data stewards and IT staff across the campus when conducting risk assessments.

A risk assessment is a systematic review of a product or service, the nature of the data that is created/stored/transmitted within that system, and the security controls available for the data. We are particularly concerned about the appropriate use and security of Individually Identifiable Health Information, Personally Identifiable Information (PII), FERPA (student) data and credit card data.

A review of the vendor provides us with information that our Chief Information Security Officer can use to assign a risk rating which, in turn, helps the appropriate data stewards make an assessment on the risk of releasing data for use in the service/product. The goal is to support the business of the University while reducing risk to an acceptable level.

Our team also manages the Qualys vulnerability management system and the companion System Administration Initiative (SAI) environment. Our goal is to provide tools and processes for system administrators and others on campus to monitor and manage vulnerabilities found in systems that house sensitive information and to address and remediate those vulnerabilities. This reduces the overall risk that the University faces.

The third area of responsibility for our team is Compliance, particularly as it relates to credit card data (aka Payment Card Industry compliance). We work closely with the Finance Office to ensure that the University meets these industry standards and to promote the secure use of credit cards. The diversity and number of merchants across the University can be challenging.

Our primary customers: Students, faculty and staff at UNC-Chapel Hill

Fun facts about our team’s work:

  • Between July 1, 2016 and June 30, 2017, our office handled 33 risk assessment requests. This represents a 100 percent increase from the previous fiscal period.
  • More than 8,000 Qualys vulnerability scans have been run this calendar year across the campus.
  • Between July 1, 2016 and June 30, 2017, the University did more than $100 million worth of business via credit cards. There are 48 departments with credit card merchant accounts, totaling 129 accounts.