Apples to anyone who stores restricted data or sensitive data, as defined in the Data Classification Policy.
The compliance standards describe current requirements and currently available resources and procedures. The compliance standards will change over time as technology and business needs change.
Unauthorized access to restricted data and sensitive data can have significant detrimental effects on individuals or the institution. There have been sizeable information security breaches at higher education institutions that resulted from the loss or theft of laptops or other portable devices and media. Desktop computers and devices also pose a significant risk due to the difficulty of providing adequate and consistent physical and network security. Overall, loss, theft and unauthorized physical or network access account for approximately two thirds of information security breaches.
Experience in higher education has demonstrated that an information security breach can be very costly to the affected individuals and the institution. Anti-virus software, security updates and firewalls cannot fully protect devices and media. The most effective way to reduce risk is to reduce the amount of restricted data and sensitive data that is present. Encryption reduces the risk of unauthorized access to any remaining restricted data or sensitive data.
Issued by the UW-Madison Vice Provost for Information Technology.
Failure to comply may result in disciplinary action up to and including termination of employment.
Please address questions or comments to itpolicy@cio.wisc.edu.
09/24/2010 01/05/2018