Information Security - Education, Tips, & Policy
At UW La Crosse, staying informed about security policies and best practices is essential to protecting our campus community. All faculty and staff must complete mandatory annual Information Security Awareness training through Workday Learning to stay current on the latest threats and protocols. Regular phishing simulations provide safe, educational opportunities to recognize warning signs before real attacks occur.
Stay Informed, Compliant, and Secure
Education & Awareness
Security is a community effort. We provide year-round opportunities to help you build strong digital habits.
- Mandatory Annual Training: All faculty and staff are required to complete Information Security Awareness training annually via Workday Learning. This training ensures everyone is up to date on the latest threats and university protocols.
- Phishing Simulations: We conduct regular phishing simulations to test our defenses. These are safe, educational exercises designed to help you spot the warning signs of a real attack before it happens.
Policies & User Agreements
All users must adhere to university and system-wide governance to ensure the safety of our digital community.
Acceptable Use
- Regent Policy Document 25-3 (opens in a new tab): Defines the acceptable use of information technology resources for all UW System users.
UW System Administrative Policies (1000 Series)
View the comprehensive standards that govern our security operations:
- SYS 1000 (opens in a new tab): Information Security: General Terms and Definitions — Provides the foundational definitions used across all 1000-series policies.
- SYS 1030 (opens in a new tab): Information Security: Identity and Access Management — Standards for authentication, user access, and identity verification.
- SYS 1031 (opens in a new tab): Information Security: Data Classification — Defines risk levels (Low, Moderate, High) and the protection requirements for each.
- SYS 1032 (opens in a new tab): Information Security: Awareness — Mandates annual security training and regular phishing simulations.
- SYS 1033 (opens in a new tab): Information Security: Incident Response — Outlines the mandatory procedures for reporting and managing security incidents.
- SYS 1035 (opens in a new tab): Information Security: IT Asset Management — Standards for tracking, inventorying, and securing IT hardware and software.
- SYS 1036 (opens in a new tab): Information Security: Endpoint Protection — Security requirements for individual devices (laptops, desktops, and servers).
- SYS 1037 (opens in a new tab): Information Security: IT Disaster Recovery — Planning for the restoration of mission-critical IT services after a disruption.
- SYS 1038 (opens in a new tab): Information Security: Network Protection — Standards for securing the university network infrastructure and zoning.
- SYS 1039 (opens in a new tab): Information Security: Risk Management — The framework for identifying, assessing, and mitigating information security risks.
- SYS 1040 (opens in a new tab): Information Security: Privacy Policy — Guidelines for protecting the privacy of personal data and handling personally identifiable information (PII).
- SYS 1041 (opens in a new tab): Information Security: Logging and Monitoring — Requirements for collecting and reviewing system logs to detect threats.
- SYS 1042 (opens in a new tab): Information Security: Threat and Vulnerability Management — Governs how we scan for vulnerabilities and apply necessary patches to systems.
Quick Tips for Success
- "The Gray Areas": Not sure if it's a security threat or just a technical glitch? Call the Help Desk. If it is a security issue, they will fast-track it to the Cyber Defense team.
- Be Prepared: When reporting an issue, having your computer name (Asset Tag) and a screenshot of any error messages will significantly speed up your support request.