UW–Madison has long been a leader in cybersecurity, with many past successful initiatives, and others underway, protecting users, systems and data for all UW communities. Such efforts include personal training, network and device protections from hacking and phishing, authentication systems, network monitoring, and next-generation technologies.
A recent UW System initiative includes a two-year work plan to bring all campuses in alignment around cybersecurity. UW–Madison is an enthusiastic partner in this initiative, as it includes some measures we already have in place or have planned. Of course some of these will undergo modification to bring them into alignment with the other UW System campuses. In some cases this will mean adopting a new tool to replace one we currently use, in others no change at all, and in still others, adopting entirely new tools and practices.
Given the differences in size, distribution, and complexity of the communities at various UW System campuses, as well as their respective starting points regarding information security and cybersecurity, the time each campus needs to align itself with the plan will be variable. UW–Madison is ahead in some aspects as regards current and past initiatives, but we also boast one of the larger and more complex communities within the system, and that will naturally affect the amount of time needed to implement the projects under this initiative.
- Bob Turner, Chief Information Security Officer; UW–Madison Plan Liaison
- Lois Brooks, CIO and Vice Provost for Information Technology
Updates on the status of this initiative appear here. Sign up below to receive them.
Stay informed about this initiative
Subscribe to our mailing list.
UW System 2 Year Plan Timeline & Milestones
05/31/2018 Communicate Compliance expectations
Formalize and communicate compliance expectations for current and upcoming IS regulations, including GDPR.
01/01/2019 Cultivate Procurement Efficiencies
Work with institutions to find opportunities for procurement efficiencies through System licensing of information security tools
04/01/2019 Data-at-rest Encryption
Establish policy and procedure addressing uniform encryption of sensitive data
04/01/2019 Vulnerability Management Program
Improve Vulnerability Management Program
07/01/2019 Asset Management Policy
Establish and communicate a system-wide asset management policy to facilitate adoption, implementation, and enforcement across UW System
07/15/2019 System Wide MFA Rollout
Complete the System-wide implementation of Multifactor Authentication
09/30/2019 Policy Review & Ratification
Review, ratify and publish the several information security and privacy policies.
10/15/2019 Risk Management Program
Bring to maturation a System-wide IS Risk Management Program
10/15/2019 Expand Training
Expand security and awareness program including but not limited to social engineering, sensitive data protection, password security, ransomware, and email security.
01/01/2020 Privileged Account Plan
Develop a plan limiting the number of users with local administrator privileges
02/01/2020 Entitlement Review Program
Develop and document a formal entitlement review process
03/01/2021 Ensure Access to Subject Matter Experts
Leverage the 2018 Information Security Program to ensure system institutions have access to SME when needed.
|Asset Inventory Management||Steve Krogull (DoIT/SEO), Stefan Wahe (Deputy CISO)|
|Data Management||Alan Ng (DCS/lead), McKinney Austin(Interrim CDO)|
|Multi Factor Authentication||Melissa Tran (DoIT/EIS,), Steve Van Der Weide (WSB)|
|Risk Management||Stefan Wahe (Deputy CISO), Jason Pursian (CALS)|
|Security Awareness Training||Bob Turner (CISO), Susan Weier (L&S)|