Campus departments are invited to take the next steps to secure UW-Madison data and machines.
Last fall the campus Security Baseline Project established a minimum level of security around sensitive data kept by campus departments. The University needs assurance that no restricted data is present outside of designated areas. A data policy was drafted and approved by the campus to address this. The policy requires each UDDS to report (at the Division level) that they certify their compliance with the policy.
The Restricted Data Discovery project was launched soon after; to help us all meet the campus policy for handling restricted data. Specifically, this project helps us assess how departments identify and protect or delete Social Security Numbers (SSNs). DoIT just completed its first wave of data discovery scans and remediation on devices and data it manages.
Now it is time for IT Security to offer the same service to the rest of the campus.
Campus departments have several options to help them comply with the new policy by the required Dec. 31, 2015 deadline. Divisions or departments in divisions can implement a scanning solution in one of three ways:
1. Division/Department Hosted: May set up its own scanning tools and processes and complete the report. Results must be reported back to IT Security.Full 2. Support: IT Security or DoIT Support may be hired to run scans and complete the report. Division/Departments are responsible for remediation and cost.
3. Hybrid: Divisions/Departments can use the DoIT Departmental Support, CIO and local IT professional provided service, run the scans themselves and complete the report. Support for configuring scans could be provided by IT Security at no charge.
Reports will be tracked by IT Security with metrics communicated every month. The compliance office will archive the scan results. Following initial campus scans conducted during the initial period from January 1 through December 31, 2015, ongoing scanning and continuous diagnostics will be required.
To get started, or if department representatives have questions about the process, please email email@example.com.