IT Policy Bootcamp – Live Session

Conference Session


Description

Join the campus Policy Planning & Analysis Team (PAT) for resources and information on the who, what, when, where, why and how of policy and the IT Policy process at UW-Madison. Learn how policy can assist you in your respective IT roles and how to get involved in the process.

Expect to gain a deeper understanding of why policy is important, the components that make up a successful policy and what information is included in a policy document. In addition, attendees will gain an understanding of what information is included and the purpose of supporting policy documents including policy standards, guidelines, procedures, and implementation plans. Finally, attendees will walk away with an understanding of why their voice is important in the policy process, how policy assists in supporting their work and how to get involved in current and/or future policy initiatives.

Basic knowledge of campus IT Policies beneficial, but not required.

The last 15 minutes of this session will also be open for Q&A about the Pre-Recorded Session: IT Policy – What’s Hot and in the Hopper


Presenter Information

Interop Update – What’s Here, and What’s Coming

Pre-Recorded Session


Live Q&A

Friday, June 4th, 1:30 – 2:00 pm


Description

Get an update on the Interop Initiative including new infrastructure services and capabilities, and plans for the coming year. Learn about the new tools and approaches that are coming online, and how they impact data access and integration.


Presenter Information

Ransomware – How it Works and How to Stop it

Pre-Recorded Session


Live Q&A

Friday, June 4th, 8:45 – 9:15 am


Description

Learn how to respond to a ransomware threat proactively, ideally to prevent an attack, or to have the resources to recover if one occurs. Looking beyond the infamous components of an extortion attack – data encryption and demands for ransom – this will cover the most common methods for gaining access, use of lateral movement and privilege escalation, and how an attacker uses fear to increase the chance of getting payment. I will focus on prevention, ideally to stop the attacker from gain access by following best practices in IT security. Logging and monitoring can detect an attack before data is encrypted, although that may not prevent data exfiltration. Effective backup strategy, having backups offline and keeping them long enough that there will be a backup from before the initial compromise, is essential to recovery.


Presenter Information

IT Policy – What’s Hot and in the Hopper (Flash Talk)

Live Q&A Information

  • The last 15 minutes of the session “IT Policy Bootcamp” on Thursday, June 3rd, 11:00 am – 12:00 pm will be dedicated to Q&A from this flash talk.

Description

Those who watch this session will be provided with updates on current IT Policies in development at UW-Madison and upcoming policies for AY2021-2022. Attendees will also be provided with contact information if they wish to request additional information or are interested in participating on current or upcoming policy initiatives.

Basic knowledge of campus IT Policies beneficial, but not required.


Presenter Information

checkQualys – Building Container Scanning Automation

Pre-Recorded Session


Live Q&A

Friday, June 4th, 2:30 – 3:00 pm


Description

This presentation discusses the Qualys Container Security scanner GitLab integration. DevOps is quickly changing the way that organizations build and deploy web applications such as Docker containers. With container technology, build workflow needs rapid release cycles and continuous deployment. By integrating automated security testing into the development tool chain workflows, developers can identify security issues associated with containers early in their build process. We will discuss the scripts and source code for tools to provide access to the Qualys container vulnerability scanning system through GitLab CI/CD jobs. This integration into a GitLab project allows developers to trigger a Docker container image scan pipeline on the image of their choosing. Any vulnerabilities found will be posted as a GitLab issue in the project from which it is executed. This integration uses a pre-configured VM for the GitLab runner that obtains access to what it needs via AWS IAM roles. This allows any developer with a project on the same GitLab instance to incorporate the Qualys scanner job by including a GitLab CI/CD template in their own gitlab-ci.yml file without having to set up access to the Qualys API for themselves. At the end of the presentation, participants will be able to learn about the architecture, scripts and source code, sample reports as well as setup instruction documentation and on-going improvements.

The architecture, scripts and source code, sample reports as well as benefit of container scanning, setup instruction documentation, and on-going improvements.


Presenter Information

User Groups – Combining Community and Technology in Higher Education

Pre-Recorded Session


Live Q&A

Friday, June 4th, 11:00 – 11:30 am


Description

This presentation discusses the user groups led by the Office of Cybersecurity Testing and Cyber Defense team in collaboration with the campus community. In 2019, the first Firewall User Group meeting was held to support campus firewall administrators. Following that successful example, AMP and Qualys user groups started and have been gaining significant momentum of campus participation. One of the strategies we take is the creation of community engagement for mutual support. Campus IT administrators are expected to use numerous technical tools in their role, and many admins have different skill sets and backgrounds. As such, distributed IT can lead to distributed pockets of knowledge, with different groups possessing different skill sets. User groups seek to bridge that knowledge gap to allow admins to coordinate with one another effectively, share information, report problems, and brainstorm new ideas. User Groups can provide engagement of subject experts such as Network engineers, Server administrators and Security engineers to share their expertise to help facilitate campus community engagement. At the end of the presentation, participants will be able to learn about the User Groups, tips for successful User Group meetings, benefit of participating in the User Group meetings as well as latest topics and discussions.

Participants will be able to learn about the User Groups, tips for successful User Group meetings, benefit of participating in the User Group meetings as well as latest topics and discussions.


Presenter Information