Issue link: http://uwashington.uberflip.com/i/509241
CISO.UW.EDU

[Infographic: Number of UW students: 54,670; Number of UW students: 2156; years shown: 1909, 2014]

FROM THE CHIEF INFORMATION SECURITY OFFICER

In the world of information security and privacy, we are never comfortable with the status quo. We must be vigilant to stay informed of possible threats and keep up with those who wish to harm the institutions that we serve. Despite our best collective efforts, every once in a while the adversaries score a win. Sometimes valued data is accidentally disclosed. In the current cybersecurity landscape, such scenarios are nearly inevitable. When an incident happens, every reasonable effort should be made to avoid a reoccurrence, including examining lessons learned to be more predictive about the future.

As part of this self-examination, in this year's annual report we have included a timeline of notable events related to the past 14 years of the University's Information Security and Privacy Programs. After reviewing an early draft, I was encouraged to see how far the program had progressed over the years. Not shown on the timeline are the many smaller milestones and details that tell an even more remarkable story of risk management and achievements.

We hope browsing this report helps you appreciate the University's commitment to protect the information generated by it and entrusted to it, and to safeguard the privacy of the individuals who are part of the UW community.

Kirk Bailey, Chief Information Security Officer

TABLE OF CONTENTS

Assumption of Breach
Due Care
Privacy
Privacy Puzzle
Situational Awareness
Security by the Numbers
The Infographic
Making Sense of Cyber-Threats
Education, Training, and Awareness
Risk Transfer
Analysis and Consulting
Governance
Professional Networks and Information Sharing
Objectives for 2015