Information Security

Commonly asked questions about UW-Platteville information security are addressed on this page. Please feel free to submit questions or ask for additional information on topics. If you are not finding the topic that you are looking for here please feel free to also check the ITS Knowledge Base (https://kb.uwplatt.edu/). 

Frequently Asked Questions - FAQ

What is information security?

Information security is a discipline concerned with ensuring the confidentiality, integrity, and availability of information. The goal of the Information Security program within UW-Platteville is to protect information against disclosure to unauthorized users (confidentiality), improper modification, inadvertent corruption or destruction (integrity), and to ensure access to the information exists when required (availability).

Why is information security important?

Information is the buildings blocks of the “who,” “what,” “where,” “why,” “when,” and “how” decisions that are made on a day-to-day basis. If the information cannot be obtained when needed, or relied on to be accurate, then those decisions can be inaccurate or damaging to an individual or the institution.  If sensitive information is not protected appropriately then individuals without authority to make decisions can dictate them. For example: a social security number, name, and address are compromised and obtained by a hacker who then maliciously uses those to commit identify theft negatively affecting an individual’s financial situation.

Who is responsible for Information Security at UW-Platteville?

Students, faculty, staff, guests, and anyone who uses UW-Platteville resources has responsibility for ensuring the information they come into contact with is handled appropriately and adhering to control frameworks that may be in place around types of information or processes.

On the University of Wisconsin-Platteville campus, the information security officer (ISO) is responsible for the development of policies, procedures, standards, and implementation of information security best practices. The ISO is also the point of contact for questions, concerns, or potential incidents related to the confidentiality, availability, and integrity (CIA) of campus information.

Is information security just about computers?

No. Information security is an organization wide program that deals with information assets in various forms, such as information transmitted across a phone call, written on a post-it-note, stored in a database, locked in a filing cabinet, included on a report, or being transmitted across a network. Information can be verbal (people), paper, or technology, and it needs to be protected throughout its lifecycle—while in motion, storage, and destruction.

What is phishing?

Phishing is a type of e-mail-based scam in which a message appearing to be from a legitimate source requests personal information, which can then be used for fraudulent purposes including identity theft. One specialized technique is 'spear phishing'. In this scam, e-mail apparently from a trusted organizational representative is sent to that person's organization in order to glean credentials for subsequent hacking attacks.

Check out real-life examples of phishing messages and what to look for in the ITS Knowledge Base.