Lockdown 2010

• The conference will be begin at 7:45am• Please check-in at the registration table in the atrium and pick up a conference hat, name tag

and schedule/feedback form• Breakfast items located in the atrium• Please silence cell phones, etc

Lockdown 2010

• Presentations will be posted on the Lockdown site• Bathroom locations• Lunch in the lobby• Pick up certification of completion later in the

afternoon• Return feedback form at the registration table

after your last session

Ron KraemerCIO/Vice Provost for Information Technology

University of Wisconsin-Madison

Welcome toLockdown 2010

July 15, 2010

Bruce Orchard

• UW-Madison graduate• Waisman and College of

Engineering (CAE) staff member• Original BadgIRT Volunteer

Think Differently

Show Courage

Be Innovative

The Top 10 tactical things we can do to help safeguard the information entrusted to us:

1. Know who is responsible for cybersecurity in your organization and engage them.2. Use strong passwords.3. Have up-to-date anti-virus/anti-spyware running on all devices (at home and at work).4. Use "Identity Finder" to find restricted data on your devices.5. Encourage everyone to delete data that they do not need.6. Use encryption software if you must keep restricted data.7. Ensure your units have firewalls in place.8. Make sure that your cybersecurity staff members review security-related logs and messages.9. Keep devices physically safe (laptops, flash drives, etc.).10. Listen for remarks that make you nervous.

1. Support the strategy to improve data governance and data management [data stewardship].2. Support the strategy to fortify the audit and assessment process.

The top two strategic things we can do to help safeguard the information entrusted to us:

For more information:• http://www.cio.wisc.edu/security/• Invite us to visit with you! [Jim Lowe (Office of Campus Information Security)

Student/Faculty/Staff Data1. Social Security Numbers2. Driver’s License Number3. Financial Account Info (credit/debit card numbers,

back account information)4. Academic Records 5. Health Records6. Employment Records/Guest Records7. E-Mail/Voice Mail Records8. Location/access data from key cards, wireless

Internet connections9. Surveillance video records10. Security scan information11. Library and electronic reserve records12. Purchase history information 13. Vehicle Data

1. DNA profile information2. Biometric Data (fingerprints, voiceprints,

retina/iris image)3. Parent Financial Account Info (credit/debit card

numbers, back account information)4. Financial and other data on alumni and donor

prospects5. Behavioral data on the patients treated at

college/university hospitals, research subjects, and children cared for in campus day-care centers

6. Data from background checks, references, debt collection, litigation

7. Intellectual Property related to teaching and research

Other Data

Where is this data?

1. Servers, desktop systems, fixed storage devices (disk and tape), etc.2. Mobile devices (e.g., laptops, smartphones, removable hard drives, iPods, iPads, flash drives, etc.)3. Other media (CDs, DVDs, microfiche, digital tape, paper, etc.)4. Devices outside the university (e.g., Facebook, Google, our personal devices, on associate’s devices, etc.)5. Other devices connected to the network (e.g., microscopes, lab equipment, video conferencing systems, smartboards, etc.)

Safeguarding the Information Entrusted to the University

Individual personal data that should not reside on university devices (tax forms, personal account information [iTunes, eTrade, Target.com, etc.], passwords, etc.)