University of Wisconsin–Madison

Information Security Program and Work Plan Initiative

UW–Madison has long been a leader in cybersecurity, with many past successful initiatives, and others underway, protecting users, systems and data for all UW communities. Such efforts include personal training, network and device protections from hacking and phishing, authentication systems, network monitoring, and next-generation technologies.

A recent UW System initiative includes a two-year work plan to bring all campuses in alignment around cybersecurity. UW–Madison is an enthusiastic partner in this initiative, as it includes some measures we already have in place or have planned. Of course some of these will undergo modification to bring them into alignment with the other UW System campuses. In some cases this will mean adopting a new tool to replace one we currently use, in others no change at all, and in still others, adopting entirely new tools and practices.

Given the differences in size, distribution, and complexity of the communities at various UW System campuses, as well as their respective starting points regarding information security and cybersecurity, the time each campus needs to align itself with the plan will be variable. UW–Madison is ahead in some aspects as regards current and past initiatives, but we also boast one of the larger and more complex communities within the system, and that will naturally affect the amount of time needed to implement the projects under this initiative.

Sponsors

  • Bob Turner, Chief Information Security Officer; UW–Madison Plan Liaison
  • Lois Brooks, CIO and Vice Provost for Information Technology

Initiative updates

Updates on the status of this initiative appear here. Sign up below to receive them.

Stay informed about this initiative

Subscribe to our mailing list.

UW System 2 Year Plan Timeline & Milestones

account_circle

Formalize and communicate compliance expectations for current and upcoming IS regulations, including GDPR.

attach_money

Work with institutions to find opportunities for procurement efficiencies through System licensing of information security tools

signal_wifi_4_bar_lock

Establish policy and procedure addressing uniform encryption of sensitive data

format_list_numbered

Improve Vulnerability Management Program

keyboard

Establish and communicate a system-wide asset management policy to facilitate adoption, implementation, and enforcement across UW System

screen_lock_portrait

Complete the System-wide implementation of Multifactor Authentication

description

Review, ratify and publish the several information security and privacy policies.

security

Bring to maturation a System-wide IS Risk Management Program

school

Expand security and awareness program including but not limited to social engineering, sensitive data protection, password security, ransomware, and email security.

folder_shared

Develop a plan limiting the number of users with local administrator privileges

calendar_today

Develop and document a formal entitlement review process

accessibility

Leverage the 2018 Information Security Program to ensure system institutions have access to SME when needed.

Projects

Information Security Program and Work Plan Projects and Co-Leads
ProjectLeads
Asset Inventory ManagementSteve Krogull (DoIT/SEO), Stefan Wahe (Deputy CISO)
Data ManagementAlan Ng (DCS/lead), McKinney Austin(Interrim CDO)
Multi Factor AuthenticationMelissa Tran (DoIT/EIS,), Steve Van Der Weide (WSB)
Risk ManagementStefan Wahe (Deputy CISO), Jason Pursian (CALS)
Security Awareness TrainingBob Turner (CISO), Susan Weier (L&S)