Security @ UW-Madison - Technical IT Staff
What can the Office of Cybersecurity Do for You?
The re-organized and renamed Office of Cybersecurity still provides services to DoIT as well as the campus and UW System.
The new security team's work ranges from risk and compliance, to threat management, to incident monitoring and reporting, to security awareness programs.
Your group may want the Cybersecurity team to assess the security risks remaining with your service or application. Or you may wish for team members to assist in the implementation of a security control such as password managers or other tools.
Questions on any security topic, requests for presentations, assessments on a service, etc. can be directed to cybersecurity@CIO.Wisc.Edu.
Your Security Responsibilities
In addition to completing this yearly training and acting on any items provided to you in the Security Awareness Training checklist, there are additional security practices to follow as an employee of UW-Madison.
- Be aware of the policies that govern IT security @ UW-Madison. Before you are able to attempt the quiz you must first sign-off on the UW-Madison Responsible Use of Information Technology Policy.
- Report any security breaches as soon as they occur.
- If traveling abroad, review and follow information found on the safe computing when traveling abroad webpage.
What is a Security Breach? - Technical Content
Some people state that they have a "security breach" when they are really reporting a potential security breach. Here are some examples of how one may report a security breach:
- "My laptop has been stolen"
- "I see someone else’s data when I log into MyUW"
- "Student records have been publicly available for the last 24 hours on my server"
To determine whether or not these situations are potentially data breaches, you’ll want to find out if any sensitive data has potentially been exposed to an unintended audience. It is not your job to prove that a security breach has occurred; rather, it is your job to determine if one MAY HAVE occurred. If a security breach may have occurred, contact your local IT department or the DoIT Help Desk and they will gather information and send the case to the appropriate area. A security breach occurs when sensitive data from the University is exposed to the incorrect person or persons. Sometimes, someone is trying to access the data to commit identity theft or fraud, but sometimes an application malfunctions and the data is exposed unintentionally to other users of the application.
In general, "logical" breaches should be reported to your local IT department or to the DoIT Help Desk and "physical" breaches should be reported to your local police department.
Physical breaches involve lost, misplaced or stolen devices, and can involve personal or University-held data. If University-held data is involved, the local police department would also contact the UW-Madison Office of Cybersecurity about the issue.
Logical data breaches involve the potential release of sensitive University-held data from devices connected to the network. Common examples include:
- A laptop containing sensitive data gets infected with malware
- Unauthorized access by an attacker to a server holding sensitive data
- An accidental posting of sensitive data to a campus web server
A note on stolen electronic devices: Stolen electronic devices can include desktops, laptops, tablets, smart phones, or any other electronic device that stores data. A stolen electronic device falls into the category of security breach when it contains University-related sensitive data. This means devices with University business data (pay, social security, etc.), research data, or other data sensitive to the University. The theft of a personal laptop that holds no sensitive University data is not a security breach.
Reporting Security Incidents - Technical Content
Users of UW-Madison information resources must report incidents involving possible unauthorized access to UW-Madison restricted data or other sensitive information, using the Mandatory Information Incident Reporting Procedures.
Reportable incidents include:
- Loss or theft of computers, devices or media, where it is reasonable to believe that restricted data or other sensitive information was present at the time of loss and unauthorized persons could access that information (for example, the information was not encrypted);
- Intrusion by malware or unauthorized access via the network into computers, devices, services or other resources, where it is reasonable to believe that either:
  - Restricted data may have been accessible to unauthorized persons, or
  - Other sensitive information was accessed by unauthorized persons;
- Unauthorized entry into offices or work areas, where it is reasonable to believe that restricted data or other sensitive information was accessed by unauthorized persons; or
- Any other circumstances where it is reasonable to believe that restricted data or other sensitive information was accessed by unauthorized persons.
Security Reporting Form - Technical Content
To report non-urgent unauthorized access, denial of service, spam, electronic harassment, inappropriate commercial use, copyright infringement, or other such actions, complete the Reporting an Incident to IT Security form. Note that this goes directly to the security team, not the help desk. For urgent issues, you should call the DoIT Help Desk directly.
UW-Madison Information Incident Reporting and Response Flowchart - Technical Content
The following flowchart illustrates the overall process of incident reporting and response. The department or other unit performs the initial steps. These are equivalent to the mandatory reporting procedures outlined above.
<img src="https://kb.wisc.edu/images/group282/59716/incident-reporting-procedures-flowchart.jpg" width="75%" alt="flowchart"/>
Security is a constantly evolving landscape. As hackers become more sophisticated in their attempts, staying aware of the latest trends and requirements is necessary. To stay up to date, subscribe to these publications. If you have any questions or concerns about security, don’t hesitate to contact the Office of Cybersecurity at firstname.lastname@example.org.
- UWPD’s BADGEr Beat Newsletter
- SANS OUCH! Publication
- Protection of Sensitive Information at DoIT (being updated as a campus-wide policy)
- Data Classification Policy
- UW-Madison Information Classifications
- UW-Madison Information Classifications and Associated Policies
- Official UW-Madison IT Policies
- Safe computing when traveling abroad
- Mandatory Information Incident Reporting Procedures.
|Keywords:||security, uw-madison, technical, awareness, training, IT, IT-Security, DSAT, 2014, 2015, 2016, baseline, IT Staff, incident, breach||Doc ID:||43380|
|Owner:||Nicole O.||Group:||Security Awareness|
|Created:||2014-09-03 08:06 CST||Updated:||2016-03-29 14:19 CST|