UW‍–‍Madison Information Security Team (MIST)

The UW–‍Madison Information Security Team (MIST) is a collaborative group of campus IT staff and management with a common interest in promoting information security at UW Madison.

Members provide communication, guidance and leadership for campus-wide security issues and initiatives and serve an advisory group to the UW–‍Madison Chief Information Security Officer.

At a glance

Contacts

Jackson Kestner & Tim Bohn (Co-Chairs)

Line art image of a calendar with an arrow pointing right

Upcoming Meetings

1st Thursday of Every Month from 2:00-3:00PM (Schedule)

Line art image of a stack of documents with a letter D and an information button

Documents

Meeting agenda, minutes, presentations

CharterGoogle Drive
(Access required, click the “Request access” button when prompted)

MIST Collaborative Guidelines

Support the IT Security Principles of:

  • Security is a shared responsibility
  • Security is part of the development life cycle
  • Security is asset management
  • Security is a common understanding

Actively participate in reviewing and discussing IT Security Strategy, IT Policies and IT security tools and processes.

Communicate broadly and deeply within your campus organization as well as with the CISO and UW–‍Madison IT Security Team.

Consider and balance broad cross-campus perspectives and local perspectives.

Be respectful and inquisitive of differing options.

Be supportive internally and externally of decisions established by this group.

Roles, goals, expectations & responsibilities

Roles

Sponsors

UW-MIST has two sponsors: the UW–‍Madison Chief Information Security Officer (CISO) and the UW–‍Madison Chief Information Officer (CIO), who also serves as the executive sponsor. They are responsible for directing and prioritizing efforts of the group, reviewing and responding to reports provided by UW-MIST, selecting the community chairperson, and reporting to and collaborating with the IT Management Advisory Groups.

Chairpersons

UW-MIST will have two chairpersons. One chair is an Assistant Director within the Office of Cybersecurity while the other is a member of UW–‍Madison’s distributed IT community outside of the Division of Information Technology. The chairpersons serve a two-year term rotating opposite years. Members provide nominations for the community chairperson to the current chairs, who will act as facilitators in the chair selection process. Chairs objectively present the nominations to the Sponsors, who make a selection. The community chairperson may serve more than one term, but their terms may not be consecutive. The term for the community chairperson will begin on February 1st of even numbered years while the term for the Office of Cybersecurity Assistant Director will begin on February 1st of odd numbered years. If a Chairperson is unable to complete their assigned duties, nominations will be gathered from the UW MIST community and presented to the Sponsors for selection.

Chairpersons, in conjunction with the Executive Committee, are responsible for overseeing subcommittee work, recruiting and maintaining a membership that is representative of campus, and directing or delegating work assigned to the Facilitator. They are also responsible for calling meetings, keeping up-to-date membership rolls, recording and communicating decisions, reporting to the sponsors, and ensuring an inclusive discussion. Chairpersons will ensure the distribution of agendas and discussion materials at least 48 hours prior to meetings. Chairpersons will also ensure discussions are inclusive of various perspectives and opinions.

Executive Committee

The UW-MIST Executive Committee is responsible for charting the direction of UW-MIST in accordance with this charter and the UW–‍Madison Cybersecurity Strategy [1] via suggestions of content for meeting agendas and formalizing subcommittees to work on specific efforts. Members include the CISO, Chairpersons, Facilitator, and Chair-or-Sponsor-invited members representing the wider membership. Other members may provide suggestions to Executive Committee members on agenda content.

Support Staff

Support staff will be available to UW MIST to meet the group’s logistical needs. The support staff would be responsible for organizing all meetings per the Chairs’ instruction. This includes reserving appropriate meeting spaces, publishing meeting agendas, and other supplemental notes or recordings, as needed by the membership. The support staff and Chairpersons will coordinate to define the support staff’s responsibilities and duties.

Members

UW-MIST membership includes any faculty, student, or staff member with an interest in cybersecurity and a willingness to participate in open discussions about cybersecurity at UW–‍Madison. Members join the community in a variety of ways: a division, department, or unit lead may appoint them, they may participate on their own recognizance, or a sponsor, chair, or member may recruit them.

Members aid the Office of Cybersecurity in setting and advancing a consistent cybersecurity strategy for campus. Members attend the monthly meetings, having reviewed any discussion or presentation materials in advance. They also actively participate in the community outside of meetings, in particular, by reading and contributing to conversations occurring on the community’s mailing list. Outside of the community, members advance the agenda of cybersecurity to the entirety of campus, in particular, by conveying best practices and lessons learned from the community to their own division, department, or unit. Members appreciate and value a wide range of perspectives, and represent those perspectives both inside and outside of the community, and are respectful of everyone attempting to improve cybersecurity, even if there is a disagreement over opinions or methods.

Subcommittees

UW-MIST uses subcommittees to focus a select group of members on a particular issue that requires more work or discussion than is possible in monthly meetings. These groups are responsible for providing periodic report-outs to the entire community. Subcommittees must provide any work they generate to a common repository, open to all of UW-MIST. It is up to each subcommittee and its sponsors to invite members outside of the community, if needed. sitory, open to all of UW-MIST. It is up to eachsubcommittee and its sponsors to invite members outside of the community, if needed.

 

[1] University of Wisconsin–‍Madison Cybersecurity Strategy (2023–2025)

Overall Goals & Expectations

  • Provide IT security leadership for campus
  • Help establish campus IT security priorities
  • Be engaged in team activities
  • Help set meeting agendas and share issues, challenges and solutions
  • Communicate broadly and deeply within your campus organization
  • Actively represent your organization (and campus)
  • Attend UW-MIST meetings

Overall Responsibilities

  • Assisting in the technical coordination of IT security activities across the campus
  • Working across other university groups such as NAG, MTAG, IMLG, etc.
  • Being actively involved in creating new policies and standards as well as developing new security tools and techniques
  • Assisting with coordinating university-wide communication and training initiatives in basic security practices

Meeting Documents

See the full range of MIST meeting documents.

MIST Google Drive
(Access required, click the “Request access” button when prompted)

Charter

This is an accordion element with a series of buttons that open and close related content panels.

Charter

UW–‍Madison Information Security Team Charter

Years 2022–2024

Purpose

This charter defines the shared mission, guiding principles and values, and membership roles and responsibilities for the UW–‍Madison Information Security Team (UW-MIST).

Authority

The following individuals have authorized UW–MIST to operate in the capacity defined within this charter:

Title Role
Chief Information Officer (CIO) Executive Sponsor
UW–‍Madison Chief Information Security Officer (CISO) Sponsor

Mission

Engage the community of professionals across the UW–‍Madison campus to share information, learn from each other, and provide recommendations, feedback, and advice to university leadership to lower risk and improve the overall cybersecurity posture of UW–‍Madison.

About

UW–MIST is a community of individuals at UW–‍Madison interested in advancing the cause of cybersecurity. Membership is open, and varied, and includes cybersecurity professionals appointed by divisions, departments, or units, as well as students, faculty, or staff interested in IT security. The team meets monthly to discuss timely, interesting, or relevant matters relating to cybersecurity, make recommendation to governance and the Office of Cybersecurity, and share techniques and best practices with other members. In addition to the monthly plenary meetings, UW–MIST commissions various permanent and ad-hoc subcommittees that generate additional discussions and recommendations on more specific and focused areas of expertise.

Guiding Principles and Values

  • We act as good stewards of IT resources in support of the overall mission of the University and appropriate university-related activities.
  • Champion a culture of cybersecurity best practices and awareness in our schools, colleges, divisions, departments, and units.
  • In the spirit of our campus Institutional Statement on Diversity, we believe that the best discussions and recommendations come from a warm, welcoming, inclusive, and spirited community and all viewpoints should be respected, regardless of alignment with a specific school, college, division, department, or unit
  • Support and promote awareness for our campus Cybersecurity Risk Framework, information security policies, and identify opportunities to protect university data, specifically in the areas of availability, integrity, and confidentiality.
  • We operate as an open and welcoming community, driven by the idea that the community has a membership-of-equals.

Structure, Membership, and Responsibilities

UW–MIST is an open and welcoming community, driven primarily by consensus building and the idea that the community has a membership-of-equals. It, however, does provide structure that guides direction setting and decision-making, as to facilitate a highly effective team.

Sponsors

UW-MIST has two sponsors: the UW–‍Madison Chief Information Security Officer (CISO) and the UW–‍Madison Chief Information Officer (CIO), who also serves as the executive sponsor. They are responsible for directing and prioritizing efforts of the group, reviewing and responding to reports provided by UW-MIST, selecting the community chairperson, and reporting to and collaborating with the IT Management Advisory Groups.

Chairpersons

UW–MIST will have two chairpersons. One chair is the UW–‍Madison Deputy Chief Information Security Officer (D-CISO). The other is a member of the UW–‍Madison’s distributed IT community, serving a two-year term. Members provide nominations for the community chairperson to the current chairs, who act as facilitators in the chair selection process. Chairs objectively present the nominations to the Sponsors, who make a selection. The community chairperson may serve more than one term, but their terms may not be consecutive. Terms begin on February 1st of even numbered years.

Chairpersons, in conjunction with the Executive Committee, are responsible for overseeing subcommittee work, recruiting and maintaining a membership that is representative of campus, and directing or delegating work assigned to the Facilitator. They are also responsible for calling meetings, recording and communicating decisions, reporting to the sponsors, and ensuring an inclusive discussion. Chairpersons will ensure the distribution of agendas and discussion materials at least 48 hours prior to plenary meetings. Chairpersons will also ensure discussions are inclusive of various perspectives and opinions.

Executive Committee

The UW–MIST Executive Committee is responsible for charting the direction of UW–MIST, in accordance with this charter and the UW–‍Madison Cybersecurity Strategy,[1] via suggestions of content for meeting agendas and formalizing subcommittees to work on specific efforts. Members include the CISO, Chairpersons, Facilitator, and Chair-or-Sponsor-invited members representing the wider membership. Other members may provide suggestions to Executive Committee members on agenda content.

Support Staff

Support staff will be available to UW MIST to meet the group’s logistical needs. The support staff would be responsible for organizing all meetings per the Chairs’ instruction. This includes reserving appropriate meeting spaces, publishing meeting agendas, and other supplemental notes or recordings, as needed by the membership. The support staff and Chairpersons will coordinate to define the support staff’s responsibilities and duties.

Members

UW-MIST membership includes any faculty, student, or staff member with an interest in cybersecurity and a willingness to participate in open discussions about cybersecurity at UW–‍Madison. Members join the community in a variety of ways: a division, department, or unit lead may appoint them, they may participate on their own recognizance, or a sponsor, chair, or member may recruit them.

Members aid the Office of Cybersecurity in setting and advancing a consistent cybersecurity strategy for campus. Members attend the monthly meetings, having reviewed any discussion or presentation materials in advance. They also actively participate in the community outside of meetings, in particular, by reading and contributing to conversations occurring on the community’s mailing list. Outside of the community, members advance the agenda of cybersecurity to the entirety of campus, in particular, by conveying best practices and lessons learned from the community to their own division, department, or unit. Members appreciate and value a wide range of perspectives, and represent those perspectives both inside and outside of the community, and are respectful of everyone attempting to improve cybersecurity, even if there is a disagreement over opinions or methods.

Subcommittees

UW-MIST uses subcommittees to focus a select group of members on a particular issue that requires more work or discussion than is possible in monthly meetings. These groups are responsible for providing periodic report-outs to the entire community. Subcommittees must provide any work they generate to a common repository, open to all of UW-MIST. It is up to each subcommittee and its sponsors to invite members outside of the community, if needed.

Operational Activities

Meetings

UW-MIST meetings (Executive Committee and general community) will meet monthly, though the Executive Committee may adjust scheduling as needed. The Executive Committee is accountable for generating and ensuring the distribution of meeting agendas and minutes. Members are expected to review the material and be prepared for the meeting and potential discussion. Charter Certification

The Sponsors must certify the Charter as binding. Certification expires after two years. The Executive Committee is responsible for reviewing any amendments to the certified Charter, as well as for starting the review and recertification process as the Charter’s current certification expires. The Sponsors must certify any amendments to the already certified Charter. Amendment certifications last until the Charter’s current certification expires. Recertification, following the same process of the original certification, may take place at any time, and expires two years after the date of the recertification.

 

[1] University of Wisconsin–‍Madison Cybersecurity Strategy (2023–2025)