Security @ UW-Madison - Baseline
Review the content by navigating between the tabs below.
New Technologies/Trends
ResourcesTopic Information
What can the Office of Cybersecurity Do for You?
The re-organized and renamed Office of Cybersecurity still provides services to DoIT as well as the campus and UW System.
The breadth of the new security team ranges from risk and compliance, to threat management, to incident monitoring and reporting to security awareness programs.
Your group may want the Cybersecurity team to assess the security risks remaining with your service or application. Or you may wish for team members to assist in the implementation of a security control such as password managers or other tools.
Questions on any security topic, requests for presentations, assessments on a service, etc. can be directed to cybersecurity@CIO.Wisc.Edu.
Your Security Responsibilities
In addition to completing this yearly training and taking action on any action items provided to you in the Security Awareness Training checklist, there are additional security practices as an employee of UW-Madison.
- Be aware of the policies that govern IT security @ UW-Madison. Before you are able to attempt the quiz you must first sign-off on the UW-Madison Responsible Use of Information Technology Policy.
- Report any security breaches as soon as they occur
- If traveling abroad, review and follow information found on the safe computing when traveling abroad webpage.
What is a Security Breach?
A security breach occurs when sensitive data from the University is exposed to the incorrect person or persons. Sometimes, someone is trying to access the data to commit identity theft or fraud, but sometimes an application malfunctions and the data is exposed unintentionally to other users of the application.
In general, ”logical” breaches should be reported to your local IT department or to the DoIT Help Desk and ”physical” breaches should be reported to the local police department; on the UW-Madison campus, that would be the UWPD.
Physical breaches can be for lost, misplaced or stolen devices. Also, physical breaches can be for personal or University held data. If University held data, the local police department would also be contacting the UW-Madison Office of Cybersecurity about the issue.
Logical data breaches involve the potential release of sensitive University held data from devices connected to the network. Common examples include:
- A laptop containing sensitive data gets infected with malware
- An unauthorized access into a server holding sensitive data from an attacker
- An accidental posting of sensitive data to a campus web server
New Technologies/Trends
Security is a constantly evolving landscape. As hackers are becoming more sophisticated in their attempts, being aware of the latest trends and requirements is necessary. To stay up to date, subscribe to these publications. If you have any questions or concerns about security, don’t hesitate to contact the Office of Cybersecurity at cybersecurity@cio.wisc.edu.
Resources
- UWPD’s BADGEr Beat Newsletter
- SANS OUCH! Publication
- Protection of Sensitive Information at DoIT (being updated as a campus-wide policy)
- Data Classification Policy
- UW-Madison Information Classifications
- UW-Madison Information Classifications and Associated Policies
- Official UW-Madison IT Policies
- Safe computing when traveling abroad
- Mandatory Information Incident Reporting Procedures.