Project Planning Team
Executive Sponsor: Anne Milkovich, CIO
Project Sponsor: Anne Milkovich, CIO
Project Managers: Victor Alatorre, Mark Clements, Laura Knaapen
Technical Team Members: Dan Petersen, Christian Beck, Eamon Bauman, Michael Brunn, Michelle Loker, Ricky Johnson, Michelle Loker
- UW System / Legislative Audit Bureau reviewing audit response.
- Additional small projects identified to meet compliance expectations.
- Projects identified to Chancellor’s Administrative Staff and IT Advisory Group.
Information Security Compliance
UW System has provided all UW campuses with five Administrative Policies and three Procedures on Information Security. These policies and procedures are mandatory for all UW campuses. The five policies and three procedures are listed on the IT Policies web page.
During the Spring semester IT completed the Authentication procedures regarding password requirements for the university NetID account. As part of the Legislative Bureau audit, several small projects were identified for IT to work on. The projects are listed below in priority order. Additional projects may be required based on the new UW System two-year Info Security plan.
|Project/Policy||Project Manager||Semester to Start Work||Status||Recent||Next|
|Enforce mandatory security training.||Richard Montano||Spring 2018||In Progress||Employees out of compliance will have their accounts locked||Improve system automation|
|Remove administrative rights from desktop computers.||Laura Knaapen||Summer 2018||In Progress||Drafting exception process||Review with IT Steering Committee|
|Student employees cannot use generic, shared accounts.||Laura Knaapen||Summer 2018||In Progress||Working on automation and communication||Set account scheme|
|Immediate access removal upon employee separation from university or role.||Laura Knaapen||Summer 2018||In Progress||Working on process maps with HR||Communicate change to campus, especially supervisors|
|Auditing desktop computers for high risk data.||Mark Clements||Summer 2018||In Progress||Working on audit automation||Document response for finding high risk data|
|Increase offering of security awareness education.||Richard Montano||Summer 2018||In Progress||Developing education materials and outlets||Fall orientations for employees and students|
|Require multi-factor authentication to access high risk data.||Mark Clements and Victor Alatorre||Fall 2018||Planning||Provide cost estimate to campus|
|Move all high risk data to encrypted storage.||Victor Alatorre and Mark Clements||Fall 2018||Not Started|
|Bring Gmail into compliance for password policies||Victor Alatorre||Fall 2018||Not Started|
|Re-establish emeritus status process to document ongoing relationship with campus||Anne Milkovich and Laura Knaapen||Fall 2018||Not Started|
|No longer allow physical, wired attachment of non-university devices.||Laura Knaapen||Fall 2018||Not Started|
|Auditing employee data access through formal approval and renewal procedures.||Mark Clements||2019||Not Started|
|Desupporting local hard drive storage.||Laura Knaapen and Victor Alatorre||2019||Not Started|
|Shift all full-time employees who maintained their student account to the employee account scheme.||Victor Alatorre||2019||Not Started|
- Reviewed and prioritized list of projects.
- Identified projects to work on during Summer 2018.
- Draft procedures and processes for Admin Rights and Account Removal.
- Share procedures and processes with IT Steering Committee.
- Program automation for student employee NetID and email account creation and removal.
- Draft and send student employee account information email.