The Office of Cybersecurity supports the CIO and the campus by leading and managing campus efforts to reduce risk. Strategies include appropriate handling of data, continued diagnostics and good processes and procedures to manage our intellectual property and other sensitive information.
We’re hiring 13 people in the near future!
Information Security Program and Work Plan Initiative
A recent UW System initiative includes a two-year work plan to bring all campuses in alignment around cybersecurity.
Cybersecurity Regulatory Compliance
Serving campus in HIPAA security, General Data Protection Regulation (GDPR), Controlled Unclassified Information (CUI), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI-DSS).
Multi-factor Authentication
Multi-Factor Authentication adds an extra layer of security that requires an individual to verify their identity using something that only they possess — for example, a smartphone or token.
Endpoint Management
The Endpoint Management & Security Project’s overarching purpose is to identify, procure and implement a common set of efficient and effective solutions before January 1, 2020.
Cybersecurity teams
-
Governance, risk & compliance
This team focuses on governance and methods to accurately identify and assess IT security risks. Through implementation of a Risk Management Framework, they design and architect security strategy and advise system owners and developers on methods to implement security controls for applications and infrastructure. On behalf of the UW-Madison CIO, this team also establishes, monitors and maintains IT policies and security standards, including the appropriate cybersecurity baselines and plans across campus and in coordination with various advisory groups. Learn about the risk management framework
-
Security testing & cyberdefense
This team supports implementation of frameworks and processes that pro-actively identify, assess and manage vulnerabilities. They do this by testing systems throughout the systems development lifecycle. They also guide system administration and engineering staff in implementing an appropriate set of IT risk mitigation controls.
-
Monitoring & incident response
Monitors the network and systems for attacks, respond to incidents and recommend or perform incident remediation.
-
Enterprise system security
Although currently focused on Enterprise Resource Planning systems, this team performs security assessments and manages account and role access authorizations. These include the spectrum of systems managed by DoIT on behalf of the University and UW System Administration.
-
Security education, training & awareness (SETA)
This team creates and maintains a portfolio of security awareness efforts for students, staff, faculty and other community groups. Through implementation of these efforts the SETA team builds a community of experts and improves institutional user competence. The SETA Domain Lead works to define group-specific security-awareness programs for IT and security staff, students, administrators and faculty/researchers; to develop campus policy requiring participation in SETA; to improve security awareness through active Phishing campaigns; to provide resources and communications materials in an ongoing effort to promote best security practices, raise awareness about data protection and security standards, and educate campus users about how to become better cyber-citizens; and to develop a list of continuing professional education opportunities using open source materials and in collaboration with the Big Ten Academic Alliance’s Security Working Group.
-
IT and Cybersecurity Policy
On behalf of the Chief Information Officer (CIO), the IT and Cybersecurity Policy Team develops IT and cybersecurity policy, provides leadership for related program planning and documentation, and coordinates efforts with the Policy Planning Team (PPT). The PPT is an advisory group for IT policy principles and procedures, and overall IT policy planning. The PPT is advisory to the Office of the CIO through the Chief Information Security Officer (CISO).
Additional resources
Security Software
Every UW-Madison student and employee is encouraged to install the free security software, which includes Symantec AntiVirus and Virtual Private Network (VPN) desktop software.
7 simple steps to make your devices more secure
Keeping your devices safe can appear daunting, but the following 7 steps go a long way toward keeping your devices and personal data safer.
Securing Your Computer
UW-Madison’s Electronic Devices Policy requires all campus users to run anti-virus software, keep security patches updated and, whenever possible, maintain a dedicated firewall. This guide will help you.
How to select, manage & protect your passwords
Hackers have dozens of tools at their disposal for cracking passwords. Simple passwords can be cracked in matter of seconds. Learn how to create strong passwords in this guide.
Office 365 message encryption
Email poses a security risk, as the default use transmits the data as plain text and is vulnerable to interception between the sender and recipient. Encryption reduces this risk significantly.
Guides for professionals
- Specific topics
- General guidelines & compliance
-
Useful security guides
- How to securely connect to the UW Network
- Get free antivirus software
- Secure your computer
- Secure your mobile device
- Handling sensitive University data
- Media downloads and copyright infringement
- File sharing and RIAA
- Protecting your online identity
- Use a Virtual Private Network (VPN)
- Learn how to recognize and report phishing
- How to select, manage and protect passwords
- Back up your data
- Safe social networking
- Get a personal digital certificate
- Find sensitive data on your computer
- Prevent unauthorized use
- Preventing laptop theft
- The Academic Professional’s Guide to Safe Computing When Traveling Abroad
- Tools & best practices for campus developers
Cybersecurity news
New Hiring Strengthens Cybersecurity Initiative
The Office of Cybersecurity's current focus is on hiring additional staff in support of meeting the goals of the 2-year work plan. Continue Reading New Hiring Strengthens Cybersecurity Initiative
January 22, 2019New Year’s Resolutions
THE CISO'S PERSPECTIVE: Elevating our cybersecurity program to what the National Institute for Standards and Technology’s Cybersecurity Framework calls adaptive. Continue Reading New Year’s Resolutions
January 9, 2019UW Endpoint Management and Security Software License Review Coming
The evaluation team expects to select solutions in April 2019 and begin implementing them shortly thereafter. Continue Reading UW Endpoint Management and Security Software License Review Coming
January 8, 2019Data Privacy Month Panel Discussion happens Jan 23
Topics include the intersection of data privacy and cybersecurity plus how you can protect your work, research and personal data. Continue Reading Data Privacy Month Panel Discussion happens Jan 23
January 8, 2019UW Cybersecurity is hiring to boost campus service
Imagine how much safer you and your data could be if the campus added 13 more cybersecurity professionals to its force. That’s the immediate plan. Continue Reading UW Cybersecurity is hiring to boost campus service
December 11, 2018- More Cybersecurity News posts