Resources

A collection of tools and services, training opportunities, and job aids to help you implement privacy and cybersecurity best practices.

Filter by
Showing 29 resources

  • Prisma Cloud Security

    Prisma Cloud Security is a free service for cloud account owners. Prisma integrates with AWS accounts to provide a clear view of assets. It can be used to compare current configurations to secure baselines or industry and government standards.

    When a resource is non-compliant, Prisma will produce a highly actionable alert. The alert will indicate the problem, what compliance standards are affected (if any), and provide step-by-step instructions for fixing it. This allows owners and managers to easily maintain a secure posture for their accounts, even in the middle of deployment.

    Prisma is now available for AWS account owners. Search for Prisma in the Answers KnowledgeBase to learn about requesting access and for additional information. 

     

    Tools & Services

  • Cybersecurity, Large Language Model (LLM) Code Review

    When a Large Learning Model (LLM) code review is requested, the Cybersecurity team will typically start by discussing these questions with lead and senior software developers who contributed to the development of the LLM.

    Job Aid

  • Using GitHub Actions with the Campus Firewall

    This document provides the developer with resources to learn about what GitHub Actions and Runners are, how to set up the features, and how to use them effectively.

    Job Aid

  • Storing Secrets on Amazon Web Services (AWS)

    Correctly using AWS Secrets Manager helps fulfill an IT Professional’s responsibility to comply with Illinois Cybersecurity standards.

    Job Aid

  • Device Wiping and Disposal

    How to be security compliant for Electronic Data, Disk, SSD, or Other Storage Device Disposal.

    Job Aid

  • Cybersecurity Mobile Integration

    Mobile Integration Testing provides an automated means to check iterations of an application for flow-breaking changes.

    Job Aid

  • CIS Benchmarks and Assessor

    The Center for Internet Security has benchmarks for securing Linux, Windows, Cloud Providers, Mobile Devices, Networking Equipment, more. IT professionals create an account with your NetID.

    Job Aid

  • Zeek

    Tool that passively monitors the network at the border.

    Tools & Services

  • WorkSpace One

    Facilitates management of endpoints including Windows and MacOS.

    Tools & Services

  • University Box Health Data Folder (BHDF)

    University units can securely store Personal Health Data (PHI) and other types of data governed by HIPAA.

    Tools & Services

  • SSL Certificate Issuance

    This service manages SSL certificate requests and processes them through the university Certificate Authority vendor, Sectigo.

    Tools & Services

  • Qualys

    Vulnerability management tool used by the cybersecurity team and Qualys users to assess risk to systems and networks.

    Tools & Services

  • MECM

    Facilitates management of endpoints including Windows and MacOS.

    Tools & Services

  • Munki

    Facilitates management of endpoints including Windows and MacOS.

    Tools & Services

  • IP2Fire

    IT Pro tool used to identify the firewall group of an IP or network.

    Tools & Services

  • Duo Mobile Application

    Tools & Services

  • Mobile Device Security

    Mobile devices help us connect, work, shop, and play—and to enable that, they hold a lot of personal information. Get tips to better protect your device and yourself.

    Training

  • Data Classification Flowchart

    If you’re not sure what kind of data you work with, check the flowchart. Data-Classification-Flowchart.pdf

    Job Aid

  • Third Party Risk Management

    As part of Third-Party Risk Management, GRC will review the privacy and security risk posture of all contracts and purchases related to university data.

    Our aim is to serve as a “concierge” service to help you navigate the myriad of compliance requirements that might apply to your project.

    • If your project will result in a purchase that will store, collect, access, create, manage, process, or transmit university data, engage the GRC process at the beginning of the project to help avoid implementation delays.
    • To begin, click the Risk Assessment Tool button below to fill out the Lightweight Risk Assessment (LRA) to provide information about your project/purchase.

    To aid in preparing to complete the online LRA form, a document version of the questionnaire to use offline can be downloaded HERE
    Please note – The offline document is only for your convenience in preparing to complete the online LRA form.  Your answers must be submitted in the online form; we have no way to process the offline document.

    Vendor cooperation is by far the primary determining factor as to how long a review takes. You may be able to speed things up by taking an active role to ensure your vendor is responsive to the needs of the process.

    You may be able to “jump the line” and speed up the process even more, if you select a vendor that has already been reviewed recently, for a use case similar to yours.  Each vendor is reviewed for the use case specified by the unit (data classification and process criticality). If your use case has a different risk level than the one reviewed for previously, another review may be necessary, but this gives you a much better opportunity to cut down on the time necessary for a review. See the list of recently reviewed vendors at https://go.illinois.edu/vendor-list.

    Tools & Services

  • Vulnerability Response

    Quick identification of at-risk systems or services with responsible notification to the owners of those services.

    Tools & Services

  • Firewall

    Monitors incoming and outgoing network traffic and decides whether to allow or block.

    Several firewall plans are provided to serve a variety of needs. The group model allows departments to benefit from the protection of the firewalls that are already in place at the entrance and exit of the campus network, while also allowing Technology Services to maintain a manageable and flexible rule set on the campus firewalls

    Tools & Services

  • CrowdStrike

    Designed to mitigate real-time cybersecurity threats and incidents, give visibility and security capability.

    Tools & Services

  • Best Practices with AWS Lambda

    AWS Lambda can help development teams associated with the University of Illinois to more easily comply with Illinois Cybersecurity standards.

    Job Aid

  • Example Development Standards

    A starting point to guide discussion of Cybersecurity development practices, and to help draft a document internal to a team.

    Job Aid

  • Logging Practices for Application Developers

    Properly logging security events helps comply with Illinois Cybersecurity standards.

    Job Aid

  • API Code Review Discussion Questions

    Cybersecurity code review will typically start with Open Web Application Security Project (OWASP) API Security Top Ten inspired questions.

    Job Aid

  • Cybersecurity Training

    Cybersecurity training helps raise awareness and build good cyber-safety habits. Login using your university credentials to access assigned and optional cybersecurity training.

    Training

  • Privacy Threshold Assessment

    Privacy Threshold Assessment
    Fill out this survey to begin a consultation with the Privacy Team.
    Tools & Services

  • Box High Risk Folders

    Box High Risk Data Folder (BHRDF) is capable of securely storing approved types of High Risk Data.

    Tools & Services