Volume 2, Issue 2
October is National Cybersecurity Awareness Month
In recognition of National Cybersecurity Awareness Month, the UW Office of the CISO would like to remind members of the UW Community of an information security issue close to home:
Did you know that your UW NetID and password – along with other login credentials – are valuable? Cyber thieves try to steal these credentials and use them to generate spam, or to gain access to personal data, UW information systems, and the wealth of resources available to the University community. To help protect your UW login credentials, don’t share your password with anyone, don’t re-use the same password for more than one account, and don’t choose passwords that are easy to guess. Prepare for the upcoming 2012-2013 academic year by reviewing basic security practices that go a long way toward safeguarding personal and UW institutional information. See Quick Tips for Smart Computing, the Whole Disk Encryption Guideline, Passwords and Passphrases, and other information security and privacy online training modules.
Social Media Guidelines
The UW is rapidly integrating the use of social media into its academic, research, and service mission. There are information security and privacy risks as well as ethical, professional, legal, technological, personnel, and interpersonal issues associated with the use of social networking and media. For employees using UW department-sponsored social media, Social Media Guidelines have been developed in a collaborative effort by the Office of the CISO, UW Medicine Compliance, Office of Research, Office of Academic Personnel, Human Resources, Office of the Registrar, School of Public Health, and Office of Media Relations and Communications. The guidelines are on the Privacy Assurance and Systems Security (PASS) Council website and are accompanied by a 7-minute online training.
New Online Training Modules
Our latest online training topic is The Use of Social Media at the UW (see above post). In June, we launched Mobile Devices and University Data, developed in collaboration with the UW School of Medicine. This module is geared toward all who use mobile devices to access University data, systems, or networks – and that might be just about everyone at the University! It provides privacy and security best practices for mobile devices, as well as information on relevant UW policies and reporting incidents. The online training modules are available in Flash, HTML5, and iPad formats; stay tuned for future modules on Phishing and Security 101.
New APS on Information Security Controls and Operational Practices
A new policy statement on information security controls and operational practices has been approved and published in the UW Policy Directory. Administrative Policy Statement 2.6 describes the information security controls used by the University to protect its institutional information, information systems, computerized devices, or infrastructure technology. With the publication of this policy, the following documents are now retired:
- APS 2.1 Information Systems Security
- APS 2.10 Minimum Data Security Standards
- Minimum Computer Security Standard
- UW Guidelines for Implementing Systems and Data Security Practices
UW Data Classification
The retired APS 2.10, Minimum Data Security Standards, included a section on classifying UW institutional data. The Privacy Assurance and Systems Security (PASS) Council website now includes examples of specific types of data that are classified as confidential, restricted, or public. Controls need to be applied to appropriately protect institutional information according to information security and privacy policies. See the UW Data Classification page for more information.
Information Assurance Seminar
- Information Security Threat Landscape
- Information Security and Privacy 101: The Basics
- Information Security and Privacy Risk Management, Session 3: Risk Evaluation
Watch the Events page for updates and more information.