Issue link: http://uwashington.uberflip.com/i/509241
ANALYSIS AND CONSULTING Organizational areas within the University of Washington are responsible for managing information security and privacy risks. The Office of the CISO team consults with UW units and departments on practical approaches to safeguard student, employee and research data. This year, we revised and expanded the resources and tools on our website for organizations to develop their own security plans. Listed below are some of the topics covered in 2014 consulting engagements: • Risk management strategies • Vulnerability scanning • Departing employees • Point of sale on mobile devices • Export agreement • Data storage • Standards for specific types of confidential data • Acceptable use • Data in the Cloud • Contractor access to data • Database encryption • Delivered "Understanding the Privacy Landscape and How to Cover Your Assets" presentation at UW TechConnect • Conducted a Data Security Agreement consulting lab • Assisted several UW organizations with the development of security plans • Reviewed contracts for security and privacy considerations • Initiated semi-annual outreach meetings with UW academic and business organizations • Created analysis and security consulting position 2014 ACCOMPLISHMENTS ‹‹ Laws and regulations related to information security and privacy identified and published 2012 SSNs at UW and Passwords online training published UW Social Media Guidelines published APS 2.6, Information Security Controls and Operational Practices, published APS 2.1 and APS 2.10 replaced by APS 2.6 Social Media Guidelines and Mobile Devices online training published UW Website Terms of Use published UW Online Privacy Statement published External review of UW Information Security Program Phishing at UW online training module published Information security and privacy insurance obtained 2014 INFORMATION SECURITY AND PRIVACY ANNUAL REPORT 9