Division of Extension - Cybersecurity Practices

As part of the University of Wisconsin System and a division within the University of Wisconsin – Madison, the Division of Extension aligns its cybersecurity practices with the policies of UW – System and UW – Madison. Extension attempts to leverage existing infrastructure, technical expertise, and licensed software in their practices wherever possible.

Asset Inventory & Vulnerability Tracking

DoIT Departmental Support

Computers that are managed through DoIT’s Departmental Support service are automatically included in campus inventory. They are also managed to ensure machines are current with software and security updates and patches. The following locations and staff are covered under DoIT Departmental Support:

Extension Building
Upham Woods
Area Extension Directors
Regional educators
3500 University Staff

County Based Staff

Asset inventory and security upgrades/patches for staff located in a county Extension office are the responsibility of the county IT department and are not accounted for by Extension or UW-Madison asset inventory efforts. It is also the responsibility of the county IT service to provide proper end-point management and security of county-owned devices. County-managed computers must comply with UW-System Policy 1033, should there be a security incident.

Special Circumstance Endpoints

This group includes laptops that are not assigned to a specific individual, but are instead used for educational events. In these instances, Extension has configured the laptops with UW-Madison cybersecurity software Qualys and Advanced Malware Protection (AMP) which allows them to be included in the campus asset inventory. UW-Madison Cybersecurity also monitors these computers for any vulnerabilities and suspicious activity. Any incidents are reported to the Office of Digital Solutions (ODS). ODS then works with the laptop user to update or resolve the incident.

Incident Tracking

The Office of Digital Solutions maintains a spreadsheet of cybersecurity incidents to both track and record incident details as well as using DoIT’s ticket tracking system to share, escalate and track incidents between Extension and DoIT.

Data Security

Data Storage

Extension follows UW-Madison and UW System policy for classifying and storing data. Please see UW-Madison - IT - Data Classification Policy for data classifications used below.

The Office of Digital Solutions makes the following recommendations for the use of UW-Madison cloud storage:

Google Drive: Public, internal, sensitive
Microsoft One Drive: Public, internal
Box: Public, internal, sensitive, restricted (Secure Box)

You may also review the research data storage finder tool for additional options.

Video Conferencing

ODS makes the following recommendations for the use of internet-based video conferencing:

Zoom: Public, internal
WebEx: Public, sensitive, restricted
Microsoft Teams: Internal, sensitive

Authentication and Access

Wherever possible, Extension will leverage UW-Madison's infrastructure to provide secure authentication and access to online applications that are provided at the divisional level by ODS. This currently includes:

Applications

Applications currently provided at the divisional level by ODS that leverage UW-Madison infrastructure include:

WordPress
Knack.com (Planning and Recording portal, Staff Directory etc.)

Keywords:

Cybersecurity Practices DoIT ODS Asset Inventory Vulnerability Tracking Data Security Authentication Access

Doc ID:

106393

Owned by:

Tony R. in Extension Handbook

Created:

2020-10-06

Updated:

2024-12-20

Sites:

Extension Handbook

0 0 Comment Suggest new doc