Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

• Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) _{(on bussvc.wisc.edu)}

• HIPAA _{(on compliance.wisc.edu)}

  • 8.7 Destruction/Disposal of PHI
  • 9.1 HIPAA Privacy and Security Training
  • 9.2 Responding to Employee Noncompliance related to HIPAA
  • 9.3 Responding to Student Noncompliance related to HIPAA

• IT Policy

  • Endpoint Management and Security Policy _{(main entry: Configuration and Maintenance)}
  • Disposal and Reuse Policy and Procedures _{(main entry: Configuration and Maintenance)}
  • Security Education, Training, and Awareness Implementation Plan (SETA) (under development)
  • Password Standard _{(main entry: Identity and Access Management)}

UW System _{(on wisconsin.edu)}

• 1032 Information Security: Awareness Policy
• 25-3 Acceptable Use of Information Technology Resources

Related Documents

• IT Policy-related

  • Copyright Infringement _{(main entry: Copyright and Intellectual Property)}
  • IT Compliance Agreement