Office of the Chief Information Security Officer

CISO Newsletter

Volume 4, Issue 2
October 2015

October is Cybersecurity Awareness Month

The Office of the Chief Information Security Officer (CISO) will offer a new resource or training opportunity each Thursday in October to promote cybersecurity awareness. Our home page will highlight educational materials on information security and privacy threats and risks, as well as ways to address them.

Malware Online Training and Infographic

The first Thursday’s featured item is a 5-minute online training module, Malware: What It Is, What It Does, and What To Do. This module includes an attached infographic suitable for printing and posting in your office and common areas. Click on the “Resources” tab in the upper right-hand corner of the training to download the PDF.

Short on time?

View and download the Things to Know About Malware infographic.

Event: Demystifying Antivirus Software

Blocking malware is harder than it looks. News headlines seem to suggest we are losing the battle against cybercrime in securing personal and organizational information. Chester Wisniewski, Senior Security Advisor from SophosLabs, will present the latest on tactics criminals are using, malware-detection mechanisms, research behind antivirus software, and what the University of Washington community can do to better protect our digital assets. This presentation will be suitable for members of the UW community at any level of technical knowledge.
RSVP by Thursday, October 15 to

Event details:
Demystifying Antivirus Software
Presented by Chester Wisniewski
Thursday, October 22
2:30 — 4:00 p.m.
UW Tower 4th Floor Auditorium

On the Horizon

The following projects are scheduled for delivery to the UW community this fall. We’ll email updates and post them on our website.

Guidance on Storing and Processing Confidential Data

University of Washington faculty, researchers, and staff have requested guidance regarding which computing solutions or systems are approved for storing or processing confidential data. The need for this guidance stems from the plethora of services and solutions capable of storing or analyzing data of all types. Since the University of Washington is subject to many laws and regulations related to privacy and information security, not all computing solutions or systems are appropriate for University of Washington confidential data.

For this reason the Office of the CISO is leading a work team to develop and publish an online resource by year’s end. The resource will consider contractual agreements, the governing laws and regulations, and institutional risk decisions.

Third-Party Security Vendors

The Office of the CISO is in the contracting phases with security vendors who will augment the risk and consulting services we provide the University. We are also working on a process to facilitate UW organizations’ access to these vendors for security assessments, code reviews, and penetration testing. In official UW terms, the Request for Quotation and Qualifications was issued this summer and the Apparently Successful Bidders were informed last month.

Data Security and Privacy Agreement

Protecting confidential data, critical systems and services, and Internet-facing applications through contract terms is essential. We recently established clear information security and privacy goals for UW partners. We are currently developing an improved Data Security and Privacy Agreement to replace the Data Security Agreement now in use. This updated contracting tool will be more versatile and easily integrated into an improved process that provides actionable security and privacy risk advice.