Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Child pages
  • IT Policy Forum 2018-02 SETA Discussion Results
Skip to end of metadata
Go to start of metadata

SETA Discussion

Comments from audience are bulleted.

Everyone filled out the form.

Physical Security:

What’s useful?

  • secure work areas and resources. Her area has lots of restricted data, and this is important.

  • See too many people just walk away from logged in workstations/email.  Easy to play with facebook profiles.

  • With office environments, many people can’t easily secure with keys, for example.  Cubicles are different than regular offices.

What isn’t useful?

 

  • This isn’t a cybersecurity issue (tailgating).

  • Might be good to have alternative options to address different environments.

  • To the extent that this is useful for campus, Ed would like to see it included. May not be cybersecurity, but still is security.

Access Control:

What useful?

  • Access control is a no-brainer. It can be imposed on people without training. Tailgating is something you can train people to avoid.

  • Exposing people to the “why of passwords, for example, might make them take it more seriously.

What isn’t useful?

  • Don’t want to mix the message - it’ll frustrate people and make them not-receptive.  Might depend on specific group needs.

Safe Computing:

What’s useful?

  • Phishing - getting lots of questions about it

  • MFA - good to know “why” of MFA.

  • If MFA is used on campus, it’ll be mandatory and training instructions will be provided.  

What’s going to have staying power?

Privacy:

  • Social media.  Some for this, some against.

  • Relationship piece is the foundation of all of the social media stuff.

  • Awareness of people mixing work and home is important. That happens more and more and is a threat.

Protecting and Handling Data:

There was an initiative regarding this topic - is it really security awareness and should it be included?

  • Only important if you tie it to the policy.

What about data destruction/data retention?

  • Deep topic - surface awareness at most.

  • Couldn’t hear.

  • Bob would like to see surface knowledge, but offer opportunity to do more. Maybe include it for specific audiences.

  • This is for the it staff - technical training. Non-technical people function within the established framework.

    • Based on assumption that technical staff are available to all.

    • This would help

    • Users get documents through a business process and they store it where convenient. Providing awareness of the best places to store it would be good.

    • Who is authorized to access the data and under what circumstances?  People should know what sort of data they have and when it’s safe to access it.

  • No labels