Computing Essentials for Departments
Security Tools and Support
If you are a departmental IT administrator*, the Office of Campus Information Security (OCIS) can help you understand and enforce security-related policies, provide software, conduct training and offer technical support to help you do your job more effectively.
*Note: The content of this site will soon be moving to www.cio.wisc.edu
Evaluating Risk and Implementing Best Practices
The Office of Campus Information Security helps departments evaluate and address risk. A good data security program 1) identifies whether any restricted or sensitive data is being handled 2) assesses whether sound security practices are in place around that data, and 3) puts a program into place to address any gaps. Contact OCIS to if you would like assistance in implementing or improving your security practices.
Software Downloads and Training
Campus departments have access to a number of site-licensed and free security tools, including anti-virus management software for servers and other management tools for the campus’s 21st Century Network. DoIT’s Professional Technical Education program provides free training for some of these tools, including Authorized Agent Network Tool Suite (AANTS) and Firewall Service Administration training.
Identity and Access Management
OCIS and DoIT manage a number credentialing services for campus, including the NetID service and the historical three-character login service. OCIS encourages service providers on campus to use centralized credential stores, when possible. WebISO (i.e., web single sign-on for web applications) is available to service providers needing to allow authenticated access to web delivered applications. OCIS and DoIT also authorize access to certain campus-wide and UW System-wide business or enterprise systems (e.g., ISIS, InfoAccess). In addition, service providers may contract with DoIT to provide security authorizations for their departmental systems.
Certificate Services
OCIS and DoIT offer GeoTrust server SSL and code signing certificates for purchase from the Tech Store for those applications that require commercial certificates. In addition, DoIT offers multi-purpose UW-Madison-issued user certificates for signing and encrypting email, as well as other certificate uses such as certificate authentication.
Vulnerability Scanning
To reduce IT security risks and supplement existing security practices, OCIS periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. OCIS can perform both host-based and web application scanning. You can also use our web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email.
Incident Response
Campus volunteers serve on the Badger Incident Response Team (BadgIRT), a team that promptly contains, investigates and helps campus recover from campus-wide security incidents. The team also provides input on campus information security issues. BadgIRT requires campus, particularly IT administrators, to report real or suspected security incidents to abuse@wisc.edu. BadgIRT will conduct or can assist in conducting forensics to determine the origin of the problem and work with law enforcement, as applicable.
Campus Security Awareness Program
OCIS produces a variety of public education materials for campus, including posters, bookmarks and articles, to help users understand safe computing best practices. Events, such as October Cyber Security Awareness Month, Lockdown and Computer Health CheckUp Workshops, further promote these principles and provide hands-on learning opportunities.