Security Tools & Support
If you are a departmental IT administrator, the Office of Campus Information Security (OCIS) can help you understand and enforce security-related policies, provide software, conduct training and offer technical support to help you do your job more effectively.
Evaluating Risk and Implementing Best Practices
System owners, data custodians and end users are responsible for ensuring that the data they use is properly protected. The Office of Campus Information Security helps departments evaluate and address risk. A good data security program 1) identifies whether any restricted or sensitive data is being handled 2) assesses whether sound security practices are in place around that data, and 3) puts a program into place to address any gaps. Contact OCIS for assistance in implementing or improving your security practices.
Software Downloads and Training
Campus departments have access to a number of site-licensed and free security tools, including anti-virus management software for servers and other management tools for the campus network. DoIT’s Professional Technical Education program provides free training for some of these tools, including Authorized Agent Network Tool Suite (AANTS) and Firewall Service Administration training.
Identity and Access Management
OCIS manages a number of credentialing services for campus, including the NetID service and the historical three-character login service. OCIS encourages service providers on campus to use centralized credential stores, when possible. WebISO (i.e., single sign-on for Web applications) is available to service providers needing to allow authenticated access to Web-delivered applications. OCIS and DoIT also authorize access to certain campus-wide and UW System-wide business or enterprise systems (e.g., ISIS, InfoAccess). In addition, service providers may contract with DoIT to provide security authorizations for their departmental systems.
Certificate Services
OCIS and DoIT offer GeoTrust server SSL and code signing certificates for purchase from the Tech Store for those applications that require commercial certificates. In addition, DoIT offers multi-purpose UW-Madison-issued user certificates for signing and encrypting email, as well as certificate authentication.
Vulnerability Scanning
To reduce IT security risks and supplement existing security practices, OCIS periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. OCIS can perform both host-based and Web application scanning. You can use our Web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email. You can also contact OCIS for additional vulnerability scanning options.
Data Discovery
To reduce IT security risks and supplement existing security practices, OCIS periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. OCIS can perform both host-based and Web application scanning. You can use our Web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email. You can also contact OCIS for additional vulnerability scanning options
Incident Response
OCIS provides information technology incident response services for campus, which includes assisting with any investigation of the unauthorized release of sensitive University data, per campus policy. Report any unauthorized release of sensitive information to the DoIT Help Desk for OCIS follow up. Report general incidents to abuse@wisc.edu or the OCIS site.
Campus Security Awareness Program
OCIS produces a variety of public education materials for campus, including posters, bookmarks and articles, to help users identify restricted data and understand safe computing best practices. Events, such as October Cyber Security Awareness Month, Lockdown and Computer Health Check-Up Workshops, further promote these principles and provide hands-on learning opportunities. Many of these resources are available at no charge to departments.