Project Planning Team
Executive Sponsor: Anne Milkovich, CIO
Project Sponsor: Anne Milkovich, CIO
Project Managers: Victor Alatorre, Mark Clements, Laura Knaapen
Technical Team Members: Dan Petersen, Christian Beck, Eamon Bauman, Michael Brunn, Michelle Loker, Ricky Johnson, Michelle Loker
- We will be extending all information security compliance procedures to the access campuses.
- Duo, multi-factor authentication rollout is being planned for October 2019 for PeopleSoft and Image Now.
- Wired network connection of personally-owned devices is no longer permitted. Wireless connection of these devices is still available.
Information Security Compliance
UW System has provided all UW campuses with five Administrative Policies and three Procedures on Information Security. These policies and procedures are mandatory for all UW campuses. The five policies and three procedures are listed on the IT Policies web page.
During the Spring semester IT completed the Authentication procedures regarding password requirements for the university NetID account. As part of the Legislative Bureau audit, several small projects were identified for IT to work on. The projects are listed below in priority order. Additional projects may be required based on the new UW System two-year Info Security plan.
|Project/Policy||Semester to Start Work||Status||Recent||Next|
|Auditing desktop computers for high risk data.||Fall 2018||In Progress||Technical requirements have been met||Communicate rollout of service to campus|
|Move all high risk data to encrypted storage.||Fall 2018||In Progress||O365 is the current recommendation for storing high risk data that must be shared.||Migrating all UWO accounts to O365.|
|Require multi-factor authentication to access high risk data.||Spring 2019||In Progress||Testing product and processes on IT staff.||Prepare documentation, training, and campus communication.|
|Review all enterprise applications to document security and dependencies||Spring 2019||In Progress||Review is complete.||Operationalizing review of new apps. Assigning and training data stewards.|
|Increase offering of security awareness education.||Summer 2019||In Progress||Security is included in employee orientations.||Move from Lawroom to Canvas|
|Bring Gmail into compliance for password policies||Summer 2019||Planning||Migrating from Google to O365||Move Google login to shibboleth|
|Auditing employee data access through formal approval and renewal procedures.||Fall 2019||Not Started||Waiting on UW System recommendation of tool to use for this|
|Desupporting local hard drive storage.||Fall 2019||Not Started|
|Shift all full-time employees who maintained their student account to the employee account scheme.||Fall 2019||Not Started|
|Provide student accounts to employees taking classes||Fall 2019||Not Started|
|No longer allow physical, wired attachment of non-university devices.||Summer 2019||Operational||All known personally-owned devices have been removed from DHCP||Communicate that this is policy.|
|Enforce mandatory security training.||Spring 2018||Operational||Employees out of compliance will have their accounts locked||Improve system automation by connecting to Canvas|
|Student employees cannot use generic, shared accounts.||Summer 2018||Operational||Account creation semi-automated.|
|Immediate access removal upon employee separation from university or role.||Summer 2018||Operational||Process maps are set.||Verify process is working appropriately.|
|Remove administrative rights from desktop computers.||Fall 2018||Operational||Admin rights are no longer the default.||Outline new request and annual renewal processes.|
|Teach use of account delegation so email passwords are no longer being shared||Spring 2019||Operational||All accounts were informed of need use delegation and not share passwords.||Reminder will be sent to all remaining accounts.|
|Communicate with past emeriti to verify relationship with campus and need for accounts||Spring 2019||Operational||All retirees with accounts are notified of the change in practice regarding retaining accounts.||Non-emeritus accounts will be deactivated June 3, 2019.|
- Wired network connection of personally-owned devices is no longer available. Wireless connection is still available.
- Multi-factor authentication technology is being tested and documented for release in October 2019.
- Extend information security policies to the Fond du Lac and Fox Cities campuses.
- Renewal of information security training at all three campuses.