Project Planning Team
Executive Sponsor: Anne Milkovich, CIO
Project Sponsor: Anne Milkovich, CIO
Project Managers: Victor Alatorre, Mark Clements, Laura Knaapen
Technical Team Members: Dan Petersen, Christian Beck, Eamon Bauman, Michael Brunn, Michelle Loker, Ricky Johnson, Michelle Loker
- Admin rights exception and removal of access processes shared with campus.
- Exception requests are being processed.
- Project planning is continues for multi-factor authentication for PeopleSoft, ImageNow and Canvas.
Information Security Compliance
UW System has provided all UW campuses with five Administrative Policies and three Procedures on Information Security. These policies and procedures are mandatory for all UW campuses. The five policies and three procedures are listed on the IT Policies web page.
During the Spring semester IT completed the Authentication procedures regarding password requirements for the university NetID account. As part of the Legislative Bureau audit, several small projects were identified for IT to work on. The projects are listed below in priority order. Additional projects may be required based on the new UW System two-year Info Security plan.
|Project/Policy||Project Manager||Semester to Start Work||Status||Recent||Next|
|Enforce mandatory security training.||Richard Montano||Spring 2018||Operational||Employees out of compliance will have their accounts locked||Improve system automation by connecting to Canvas|
|Student employees cannot use generic, shared accounts.||Laura Knaapen||Summer 2018||Operational||Account creation semi-automated.|
|Immediate access removal upon employee separation from university or role.||Laura Knaapen||Summer 2018||Operational||Process maps are set.||Verify process is working appropriately.|
|Remove administrative rights from desktop computers.||Laura Knaapen||Fall 2018||In Progress||Exceptions being accepted and reviewed.||Admin rights will be turned off on January 15, 2019.|
|Bring Gmail into compliance for password policies||Victor Alatorre||Summer 2019||No longer needed||Plan migration to Office 365|
|Auditing desktop computers for high risk data.||Mark Clements||Fall 2018||In Progress||Technical requirements have been met||Communicate rollout of service to campus|
|Move all high risk data to encrypted storage.||Victor Alatorre and Mark Clements||Fall 2018||Concept||Researching encryption options||O365 is the current recommendation for storing high risk data that must be shared.|
|Communicate with past emeriti to verify relationship with campus and need for accounts||Laura Knaapen||Spring 2019||Not Started|
|No longer allow physical, wired attachment of non-university devices.||Laura Knaapen||Spring 2019||Not Started|
|Require multi-factor authentication to access high risk data.||Mark Clements and Victor Alatorre||Spring 2019||Planning||Project kickoff meeting held. Planning implementation.||Work through technical issues with PeopleSoft and ImageNow.|
|Teach use of account delegation so email passwords are no longer being shared||Laura Knaapen||Spring 2019||In Progress||KnowledgeBase article created. Testing with IT Classroom Tech email account||Review test results.
Rollout to campus.
|Review all enterprise applications to document security and dependencies||Mark Clements||Spring 2019||In Progress|
|Increase offering of security awareness education.||Richard Montano||Summer 2019||In Progress||Security is included in employee orientations.||Move from Lawroom to Canvas|
|Auditing employee data access through formal approval and renewal procedures.||Mark Clements||Fall 2019||Not Started|
|Desupporting local hard drive storage.||Victor Alatorre||Fall |
|Shift all full-time employees who maintained their student account to the employee account scheme.||Victor Alatorre||Fall 2019||Not Started|
|Provide student accounts to employees taking classes||Victor Alatorre||Fall 2019||Not Started|
- Admin Rights Exception email sent to campus and placed on web.
- Exception requests are being processed.
- Attending college meetings to inform them of Duo and other upcoming projects.
- Turn off Admin Rights on January 15, 2019.
- Begin Duo implementation January 2, 2019.
- Plan for other audit responses.