The Office of Cybersecurity supports the CIO and the campus by leading and managing campus efforts to reduce risk. Strategies include appropriate handling of data, continued diagnostics and good processes and procedures to manage our intellectual property and other sensitive information.
Announcing: Cybersecurity Risk Assessment
Beginning on July 5, participating campus units will undergo an external cybersecurity risk assessment. This vulnerability scan, through Cylance, Inc., is intended to identify signs of malicious activity for the purpose of diagnosing possible compromise and risks to participating units. If compromised machines are discovered during the analysis, Cylance will contact the Office of Cybersecurity for follow up and remediation with system owners.
This initiative has received the endorsement of the University Committee, Chancellor Blank, the interim UW‑Madison Chief Information Officer, and Chief Information Security Officer.
Governance, risk & compliance
This team focuses on governance and methods to accurately identify and assess IT security risks. Through implementation of a Risk Management Framework, they design and architect security strategy and advise system owners and developers on methods to implement security controls for applications and infrastructure. On behalf of the UW-Madison CIO, this team also establishes, monitors and maintains IT policies and security standards, including the appropriate cybersecurity baselines and plans across campus and in coordination with various advisory groups. Learn about the risk management framework
Security testing & cyberdefense
This team supports implementation of frameworks and processes that pro-actively identify, assess and manage vulnerabilities. They do this by testing systems throughout the systems development lifecycle. They also guide system administration and engineering staff in implementing an appropriate set of IT risk mitigation controls.
Monitoring & incident response
Monitors the network and systems for attacks, respond to incidents and recommend or perform incident remediation.
Enterprise system security
Although currently focused on Enterprise Resource Planning systems, this team performs security assessments and manages account and role access authorizations. These include the spectrum of systems managed by DoIT on behalf of the University and UW System Administration.
Security education, training & awareness (SETA)
This team creates and maintains a portfolio of security awareness efforts for students, staff, faculty and other community groups. Through implementation of these efforts the SETA team builds a community of experts and improves institutional user competence. The SETA Domain Lead works to define group-specific security-awareness programs for IT and security staff, students, administrators and faculty/researchers; to develop campus policy requiring participation in SETA; to improve security awareness through active Phishing campaigns; to provide resources and communications materials in an ongoing effort to promote best security practices, raise awareness about data protection and security standards, and educate campus users about how to become better cyber-citizens; and to develop a list of continuing professional education opportunities using open source materials and in collaboration with the Big Ten Academic Alliance’s Security Working Group.
Keeping your devices safe can appear daunting, but the following 7 steps go a long way toward keeping your devices and personal data safer. Continue Reading 7 simple steps to make your devices more secure
Hackers have dozens of tools at their disposal for cracking passwords. Simple passwords can be cracked in matter of seconds. Learn how to create strong passwords in this guide. Continue Reading How to select, manage & protect your passwords
Guides for professionals
- Specific topics
- General guidelines & compliance
Useful security guides
- How to securely connect to the UW Network
- Get free antivirus software
- Secure your computer
- Secure your mobile device
- Handling sensitive University data
- Media downloads and copyright infringement
- File sharing and RIAA
- Protecting your online identity
- Use a Virtual Private Network (VPN)
- Learn how to recognize and report phishing
- How to select, manage and protect passwords
- Back up your data
- Safe social networking
- Get a personal digital certificate
- Find sensitive data on your computer
- Prevent unauthorized use
- Preventing laptop theft
- The Academic Professional’s Guide to Safe Computing When Traveling Abroad
- Tools & best practices for campus developers
The following message is being distributed to the UW-Madison campus. As most on the UW-Madison campus are aware, there have been an increasing number of high-profile IT security “matters” during the past few months. Many… Continue Reading UW Campus Vulnerability Scan Coming SoonJune 13, 2017
The CISO’s Perspective / Special Edition Over the last several weeks the UW-Madison Cybersecurity Operations Center has observed two significant events along with several minor to important episodes which should cause all of us to… Continue Reading Google Docs, ransomware and other adventuresMay 15, 2017
The CISO’s Perspective “It’s not important because it’s policy, its policy because it’s important.” — Gary Declute After working on it for about a year, we are in the end stages of walking the Cybersecurity Risk… Continue Reading Now that we know what cybersecurity risk is…March 14, 2017
- More Cybersecurity News posts