Topics Map > UW-Madison > Cybersecurity > Access Control
Topics Map > UW-Madison > Cybersecurity > Configuration and Maintenance

UW-Madison - CIO - Storage and Encryption Policy

Apples to anyone who stores restricted data or sensitive data, as defined in the Data Classification Policy.

UW-Madison employees and contractors must encrypt restricted data and sensitive data when it is stored or accessed on desktops, laptops or other portable devices or media, according to the current compliance standards.

The Storage and Encryption Standard is the implementation of the policy.


Policy

  1. UW-Madison employees and contractors must have permission from their supervisor or other appropriate authority in order to store or access restricted data or sensitive data on desktops, laptops or other portable devices or media.

  2. The presence of restricted data and sensitive data on desktops, laptops and other portable devices and media must be limited to the amount necessary for immediate operations.

  3. UW-Madison employees and contractors must encrypt restricted data and sensitive data when it is stored or accessed on desktops, laptops or other portable devices or media, according to the current compliance standards.

  4. UW-Madison employees and contractors must assure that encrypted information is accessible and retrievable as needed for operations and records retention purposes.

The compliance standards describe current requirements and currently available resources and procedures. The compliance standards will change over time as technology and business needs change.

Background

Unauthorized access to restricted data and sensitive data can have significant detrimental effects on individuals or the institution. There have been sizeable information security breaches at higher education institutions that resulted from the loss or theft of laptops or other portable devices and media. Desktop computers and devices also pose a significant risk due to the difficulty of providing adequate and consistent physical and network security. Overall, loss, theft and unauthorized physical or network access account for approximately two thirds of information security breaches.

Experience in higher education has demonstrated that an information security breach can be very costly to the affected individuals and the institution. Anti-virus software, security updates and firewalls cannot fully protect devices and media. The most effective way to reduce risk is to reduce the amount of restricted data and sensitive data that is present. Encryption reduces the risk of unauthorized access to any remaining restricted data or sensitive data.

Authority

Issued by the UW-Madison Vice Provost for Information Technology.

Enforcement

Failure to comply may result in disciplinary action up to and including termination of employment.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References

IT Policy Glossary - https://kb.wisc.edu/itpolicy/glossary
Data Classification Policy - https://kb.wisc.edu/itpolicy/cio-data-classification-policy


Effective:   Jun 1, 2009
Revised:    Jun 01, 2009 RevD (Jan 16, 2016)
Reviewed:  Jan, 2016
Review by: Jan, 2018
Maintained by: Office of the CIO, IT Policy

History at: https://kb.wisc.edu/itpolicy/cio-encryption-history
Reference at: https://kb.wisc.edu/itpolicy/cio-encryption-policy



Keywords:policies definitions policy requirements definition requirement requirements, administrators faculty it-security-staff it-staff managers supervisors administration information-technology security, cloud-services mobile-devices personally-owned-devices records-management security cloud cybersecurity devices mobile personal personally records, access business-use monitoring storage distribution, access-control configuration-and-maintenance access configuration maintenance restricted-data sensitive-data hipaa-data ferpa-data restricted-research-data sensitive-research-data restricted sensitive hipaa ferpa fisma research   Doc ID:59336
Owner:GARY D.Group:IT Policy
Created:2016-01-05 22:10 CSTUpdated:2016-11-27 15:55 CST
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-encryption-policy
Feedback:  0   0