This brief outlines a strategic approach to information security for operational excellence within the UW System. It focuses on standardized security capabilities, workforce resiliency, and enterprise investment in cybersecurity tools. Key priorities include defining roles, improving IS awareness, and workforce development strategies. The document also discusses ongoing efforts such as multi-factor authentication implementation and GDPR compliance. Future plans involve expanding Cisco deployments, developing risk management processes, and enhancing cybersecurity metrics reporting. Overall, the goal is to ensure a secure and efficient operational environment through collaborative efforts and continuous improvement.
UW System Information Security Brief to Information Technology Management Council
Katherine Mayer
15 October 2018
Linkages
Administrative Excellence
Commitment to Operational Reform and Excellence (CORE): Operational excellence through the transparent standardization, consolidation and streamlining of non-instructional operations where it makes sense
Digital Strategy - Goals
• Establish a unifying strategic layer to enable 2020FWD in an increasingly digitally-enabled world
• Provide direction for future digital investments and roadmaps
• Clarify decision-making authority, scope, and process for digital initiatives
Why are we here?
Where should we put our focus?
What are the opportunities?
Who has influence and who decides?
How do we get there?
Information Security (IS) Strategic Priorities
Enterprise Approaches Standardized Security Capabilities
• Define roles, responsibilities, integration and actions to protect UWS networks in a unified manner
• Expand collaboration and partnerships
• Balance prescription with individual institution capability deployment
• Reduce/eliminate duplication
• Focus on high priority IS actions
Standardized Security Capabilities Enterprise Approaches Workforce Resiliency IS Awareness IS Risk-Based Decision Making
• Leadership
• Outreach
• Communications clarity
IS Risk-Based Decision Making
• Define/refine governance structure(s)
• Leverage/align IS risk focus with ERM
IS Awareness
Workforce Resiliency
HDLD: High Demand Low Density
• Employment of IT professionals expected to grow 28% from 2016-2026*
• Can only fill 1/3 of IT jobs with current IT grads*
• By 2024, 4.4M unfilled IT jobs*
• Digital transformation rests on talent development
• Competitive advantage demands lifelong learning
• Soft skills gain prominence amid intelligent machines
Human Capital Focus
* Bureau of Labor Statistics
Enterprise Investment for Blocking and Tackling
• Advanced Malware Protection (AMP)
  • Prevention, detection and response to threats at the endpoints
• CloudLock
  • Detection of cloud data breaches and malware
• Umbrella
  • Stops phishing and malware earlier (before endpoints)
• StealthWatch
  • Deep visibility across the network (normal v. anomalous)
Piloting an incentive-based enterprise funding model
Additional System-wide Efforts Underway
• Multi-factor authentication implementation
• General Data Protection Regulation Assessment (GDPR) complete
• Cyber liability insurance renewal
• Assisting institutions with policy implementation
• Building out an information security team
• Refining governance structures
• Dissolution of the Information Assurance Council (IAC)
• Redefining Technology and Information Security Council (TISC)
What’s Next?
• Continued Cisco deployments throughout UW System
• Develop a risk management assessment process focused on information security risk
• Develop cyber security metrics for reporting to leadership in partnership with Madison
• Incorporate specific GDPR assessment recommendations into IS work plan
• Policy development and vetting
• Existing policy updates
• Data privacy
• Asset management
• Network protection
• Security monitoring
• Human capital development