UW-Madison - Policy Portfolio - Monitoring and Mitigation

The Monitoring and Mitigation portfolio includes documents related to ongoing monitoring of vulnerabilities and threats, and response to vulnerabilties and incidents that are detected.

Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

• Accounting Services - Credit Card Merchant Services and PCI Compliance (reconciliation, vulnerability scanning, transaction walk-thru's) _{(on bussvc.wisc.edu)}

• DoIT - Incident Reporting and Response Policy _{(please contact itpolicy@cio.wisc.edu)}

• HIPAA _{(on compliance.wisc.edu)}

  • 8.3 HIPAA Security Auditing Policy
  • 8.8 Notification and Reporting Policy

• IT Policy

  • Incident Reporting and Response Policy and Procedures and Template
  • Network Firewall Policy and Implementation Plan
  • Restricted Data Security Management Policy and Procedures
  • Vulnerability Scanning Policy

• UW System _{(on wisconin.edu)}

  • 1033 Information Security: Incident Response
  • 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions)

Related Documents

• IT Policy-related

  • Computer Logging Statement
  • Continuous Diagnostics and Mitigation Implementation Plan (under development)