Please report any problems to the Shared Tools Team at    Broken Links? Missing Macros? WIKI Retiring Plugins
Skip to end of metadata
Go to start of metadata

   Previous forum | Next forum 

IT Policy Forum, Februray 9, 2017

Discussion Results


  1. Welcome
    Bob Turner, UW-Madison Chief Information Security Officer (CISO)
  2. Introduction
    Bruce Maas, UW-Madison CIO, and Vice Provost for Information Technology
  3. If I were a Risk Executive, what would I do?
    Bob Turner, CISO
    Presentation | Handout
  4. Discussion – Topic: Cybersecurity Risk Management: The Risk Executive.
    • The draft Cybersecurity Risk Management Policy is the game-changer that makes risk management in the functional units real.
    • The discussion will provide input to be used while drafting the policy and procedures, and in follow up risk management activity.
    Discussion Results
    There are three small groups to choose from, each one with an example authorization letter that states the current level of risk, and asks the "Risk Executive" to make a decision. The three groups focus on:
    • An administrative system
    • A HIPAA Business Associate Agreement (BAA)
    • A instructional system
    There is also a research example that all three of the groups can discuss.
    For each example letter:
    • Who would the risk executive be if this were in your unit? 
    • How could IT staff in your unit support the Risk Executive?
  5. Report back from the discussion groups
  6. Closing and Evaluations

Announcement Lists

  • You can receive IT policy forum invitations, along with a monthly digest of new and
    revised documents, and active policy stakeholder teams.  Please send a blank email to
  • To only receive invitations to the IT policy forums, please send a blank email to This list is used only for forum invitations.

Forum Discussion Results

  • A current or future team will use the discussion results while formulating their recommendations.
  • Discussion results for each forum are linked from the forum's agenda.
  • All forums are listed chronologically and by discussion topic at: IT Policy Forums.


Policy Planning Team

Unable to render {include} The included page could not be found.


File Size Created Comment


74752 Feb 10, 2017 15:51 Evaluations


38400 Feb 10, 2017 15:54 Evaluation form

IT Policy Forum Agenda 2017-02(full sheet).docx

27190 Feb 10, 2017 15:52 Handout: Forum agenda

If I were a Risk Executive-Handout-2017-02-09.docx

17441 Feb 10, 2017 15:52 Handout: Excerpt from Cybersecurity Risk Management Policy

The Risk Executive_IT Policy Forum_02-09-2017_Final.pptx

4662496 Feb 08, 2017 17:47 Presentation


  • No labels