University of Wisconsin–Madison

Cybersecurity Risk Assessment FAQs

Beginning on July 5, participating campus units will undergo an external cybersecurity risk assessment. This vulnerability scan, through Cylance, Inc., is intended to identify signs of malicious activity for the purpose of diagnosing possible compromise and risks to participating units. If compromised machines are discovered during the analysis, Cylance will contact the Office of Cybersecurity for follow up and remediation with system owners.

This initiative has received the endorsement of Chancellor Blank, the interim UW‑Madison Chief Information Officer, and the Chief Information Security Officer. The University Committee also understands and recognizes the project need.

Below are detailed answers to frequently asked questions about the risk assessment.

General FAQs

FAQs for faculty, staff, students

  • What types of devices will be included in the assessment?

    The assessment looks at university-managed endpoint devices, specifically desktop and laptop computers running Windows, Mac OS and Linux/Unix operating systems. Mobile devices such as tablets and smartphones are not included.

  • Will my personally owned computer be included in the data collection?

    Personally owned computers not managed by the university will not be part of the data collection. If your machine is managed by the university, it may be included in the scan unless your IT administrator opts you out.

  • Can I opt out of the data gathering? How do I do that?

    Personally owned computers are not included in the data collection and do not need to be opted out. If your department is participating in the assessment, your departmentally owned and managed computer may be included in the data collection. Please check with your departmental IT administrator to determine if your unit is included in the assessment.

  • What happens if my computer is found to be at risk?

    The Office of Cybersecurity will contact your departmental IT staff to suggest remediation. If you do not have internal departmental support, the Office of Cybersecurity will contact you directly. The data collection is not meant to place blame, merely to assess vulnerabilities and put fixes in place in order to protect data.

FAQs for department IT administrative staff