The UWSA Information Security department oversees the security of the institution’s information, and supports the academic and research ambitions of the UW community. This department works towards system risk reduction through the implementation of security policies and oversees the implementation of strategic information security initiatives.
UW System Information Security Policies
- Information Security: Authentication
- Information Security: Data Classification and Protection
- Information Security: Awareness
- Information Security: Incident Response
Information Security Program
The purpose of this University of Wisconsin (UW) System information security (IS) document is to continue development and maintenance of an enterprise, systemwide program designed to ensure the confidentiality, integrity and availability of UW System Administration and institutions’ information assets from unauthorized access, loss, alteration or damage while supporting the open, information sharing needs of the academic environment. A robust information security environment is critical to enabling the UW System mission of developing human resources, discovering and disseminating knowledge and extending knowledge and its application beyond the boundaries of its institutions.
The UWSA Information Security team has been implementing a institution-wide phishing awareness education program. Through this program, simulated phishing emails will be periodically sent out to all UW faculty and staff. The emails will mimic a real phishing threat. If a recipient clicks on a link contained within a simulated phishing email message, they will be routed to a webpage which alerts them to the fact that they have been successfully phished, in a controlled and safe environment. The webpage then provides a brief explanation on what the user should have noticed about the phishing email, to indicate that it was a threat. The purpose of this campaign is to inform the UW Madison staff about the dangers and threats of cyber attacks, and provide suggestions to avoid sharing personal information online.