University of Wisconsin–Madison

Information Security Program and Work Plan Initiative

UW–Madison has long been a leader in cybersecurity, with many past successful initiatives, and others underway, protecting users, systems and data for all UW communities. Such efforts include personal training, network and device protections from hacking and phishing, authentication systems, network monitoring, and next-generation technologies.

A recent UW System initiative includes a two-year work plan to bring all campuses in alignment around cybersecurity. UW–Madison is an enthusiastic partner in this initiative, as it includes some measures we already have in place or have planned. Of course some of these will undergo modification to bring them into alignment with the other UW System campuses. In some cases this will mean adopting a new tool to replace one we currently use, in others no change at all, and in still others, adopting entirely new tools and practices.

Given the differences in size, distribution, and complexity of the communities at various UW System campuses, as well as their respective starting points regarding information security and cybersecurity, the time each campus needs to align itself with the plan will be variable. UW–Madison is ahead in some aspects as regards current and past initiatives, but we also boast one of the larger and more complex communities within the system, and that will naturally affect the amount of time needed to implement the projects under this initiative.


  • Bob Turner, Chief Information Security Officer; UW–Madison Plan Liaison
  • Lois Brooks, CIO and Vice Provost for Information Technology

Stay informed about this initiative

Subscribe to our mailing list.

UW System 2 Year Plan Timeline & Milestones


Formalize and communicate compliance expectations for current and upcoming IS regulations, including GDPR.


Work with institutions to find opportunities for procurement efficiencies through System licensing of information security tools


Establish policy and procedure addressing uniform encryption of sensitive data


Improve Vulnerability Management Program


Establish and communicate a system-wide asset management policy to facilitate adoption, implementation, and enforcement across UW System


Complete the System-wide implementation of Multifactor Authentication


Review, ratify and publish the several information security and privacy policies.


Bring to maturation a System-wide IS Risk Management Program


Expand security and awareness program including but not limited to social engineering, sensitive data protection, password security, ransomware, and email security.


Develop a plan limiting the number of users with local administrator privileges


Develop and document a formal entitlement review process


Leverage the 2018 Information Security Program to ensure system institutions have access to SME when needed.


Information Security Program and Work Plan Projects and Co-Leads
Asset Inventory ManagementSteve Krogull (DoIT/SEO), Stefan Wahe (Deputy CISO)
Data ManagementAlan Ng (DCS/lead), McKinney Austin(Interrim CDO)
Multi Factor AuthenticationTamara Walker(DoIT/US,), Steve Van Der Weide (WSB)
Risk ManagementJason Pursian (CALS)
Security Awareness TrainingBob Turner (CISO), Susan Weier (L&S)