UW-Madison - Policy Portfolio - Cybersecurity Portfolio List

These are all UW-Madison cybersecurity policies that are registered with the Office of Cybersecurity. Closely related policies are grouped together.

The list is primarily useful to UW-Madison IT Staff. For a general list of campus IT policies, see: https://kb.wisc.edu/itpolicy/cio-policies.

 
  • Of interest to:
    • IT Security Staff
    • IT Staff
  • Subjects:
    • Cloud Services
    • Cybersecurity
    • Identity Management
    • Mobile Devices
    • Network and Telecomm
    • Personally-owned Dev.
    • Records Management
  • Cybersecurity:
    • Access Control
    • Acquisition and Develop
    • Config and Maintenance
    • Contingency Planning
    • Education and Training
    • Monitoring and Mitigation
    • Privacy
    • Risk Management
  • Data Handling Activities:   
    • Access
    • Archive
    • Business Use
    • Collection
    • Disposal
    • Distribution
    • Monitoring
    • Retention
    • Storage
    • Transmission
 

Contents


Acquisition and Development

Acquisition and Development addresses the selection, acquiring or development of any IT asset, including hardware, software, data, and IT services.

Policies

Related Documents


Configuration and Maintenance

Configuration and Maintenance addresses how IT devices and software are managed and maintained to ensure correct and secure operation.

Policies

Related Documents

  • None

Contingency Planning

Contigency Planning addresses what is to be done to account for a possible situation or event, particularly ones that involve IT, that may be harmful or disruptive to operations.

Policies

Related Documents


Education, Training and Awareness

Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW.

Policies

  • Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) (on bussvc.wisc.edu)
  • HIPAA (on compliance.wisc.edu)

    • 8.7 Destruction/Disposal of PHI
    • 9.1 HIPAA Privacy and Security Training
    • 9.2 Responding to Employee Noncompliance related to HIPAA
    • 9.3 Responding to Student Noncompliance related to HIPAA
  • IT Policy

  • UW System (on wisconsin.edu)

  • Related Documents


    Identity and Access Management

    Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resoures that can be accessed, and what can be done with that access.

    Policies

    Related Documents


    Monitoring and Mitigation

    Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken.

    Policies

    Related Documents


    Privacy

    Privacy addresses the protection of privacy in an IT environment.

    Policies

    • Faculty Senate - Access to Faculty and Staff Electronic Files Policy

    • HIPAA (on compliance.wisc.edu)

      • 2.1 Notice of Privacy Practices (NPP)
      • 3.2 Uses and Disclosures of Protected Health Information That Require Patient Authorization
      • 3.3 Uses and Disclosures of PHI Not Requiring Patient Authorization
      • 3.4 Uses and Disclosures of PHI That Require Providing Patient with an Opportunity to Agree or Object
      • 3.5 Uses and Disclosures of Protected Health Information for Education and Training
      • 3.6 Uses and Disclosures of Protected Health Information for Marketing
      • 3.7 Uses and Disclosures of Protected Health Information for Fundraising
      • 3.8 Minimum Necessary Standard
      • 3.9 Verifying Identity and Authority of Persons Seeking Disclosure of a Patient's PHI
      • 3.10 Designated Record Set
      • 3.11 Sale of Protected Health Information Generally Prohibited
      • 5.1 De-identification of Protected Health Information Under the HIPAA Privacy Rule
      • 5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
      • 7.1 Requests by Patients for an Accounting of Certain Disclosures
      • 7.2 Requests by Patients to Amend Protected Health Information
      • 7.3 Requests by Patients for Alternative Confidential Communications
      • 7.4 Requests by Patients for Access to Inspect and Obtain a Copy of Protected Health Information
      • 7.5 Requests by Patients for Restrictions on Uses and Disclosures of Protected Health Information
      • 8.5 Security of Faxed, Printed, and Copied Documents Containing Protected Health Information
      • 8.6 Email Communication Involving Protected Health Information
      • 10.1 Complaints Under the HIPAA Privacy Rule
    • IT Policy - Collection of Personal Identity Information via Email

    • UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on it.wisc.edu)

    • UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on wisconsin.edu)

    Related Documents


    Risk Management

    Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions.

    Policies

    Related Documents

    Contact

    Please address questions or comments to policy@cio.wisc.edu.

    References

     



    Keywords:policies index policy requirements requirement requirements, it-security-staff it-staff information-technology security, cloud-services identity-management mobile-devices network personally-owned-devices records-management resource-management security cloud cybersecurity devices identity mobile networking personal personally records resource telecommunications, access archive business-use collection disposal monitoring retention storage transmission distribution, access-control acquisition-and-development configuration-and-maintenance contingency-planning education-and-training monitoring-and-mitigation privacy risk-management access acquisition configuration contingency cdm development education maintenance awareness mitigation monitoring planning risk training seta coop rmf listDoc ID:58557
    Owner:GARY D.Group:IT Policy
    Created:2015-11-27 18:53 CSTUpdated:2018-11-20 14:51 CST
    Sites:IT Policy
    CleanURL:https://kb.wisc.edu/itpolicy/cybersecurity-policy-list
    Feedback:  31   0