A collection of tools and services, training opportunities, and job aids to help you implement privacy and cybersecurity best practices.
-
Prisma Cloud Security
Prisma Cloud Security is a free service for cloud account owners. Prisma integrates with AWS accounts to provide a clear view of assets. It can be used to compare current configurations to secure baselines or industry and government standards.
When a resource is non-compliant, Prisma will produce a highly actionable alert. The alert will indicate the problem, what compliance standards are affected (if any), and provide step-by-step instructions for fixing it. This allows owners and managers to easily maintain a secure posture for their accounts, even in the middle of deployment.
Prisma is now available for AWS account owners. Search for Prisma in the Answers KnowledgeBase to learn about requesting access and for additional information.
Tools & Services -
Cybersecurity, Large Language Model (LLM) Code Review
When a Large Language Model (LLM) code review is requested, the Cybersecurity team will typically start by discussing these questions with lead and senior software developers who contributed to the development of the LLM.
Job Aid -
Using GitHub Actions with the Campus Firewall
This document provides the developer with resources to learn about what GitHub Actions and Runners are, how to set up the features, and how to use them effectively.
Job Aid -
Storing Secrets on Amazon Web Services (AWS)
Correctly using AWS Secrets Manager helps fulfill an IT Professional’s responsibility to comply with Illinois Cybersecurity standards.
Job Aid -
Device Wiping and Disposal
How to be security compliant for Electronic Data, Disk, SSD, or Other Storage Device Disposal.
Job Aid -
Cybersecurity Mobile Integration
Mobile Integration Testing provides an automated means to check iterations of an application for flow-breaking changes.
Job Aid -
CIS Benchmarks and Assessor
The Center for Internet Security has benchmarks for securing Linux, Windows, Cloud Providers, Mobile Devices, Networking Equipment, and more. IT professionals can create an account with their NetID.
Job Aid -
University Box Health Data Folder (BHDF)
University units can securely store Personal Health Data (PHI) and other types of data governed by HIPAA.
Tools & Services -
SSL Certificate Issuance
This service manages SSL certificate requests and processes them through the university Certificate Authority vendor, Sectigo.
Tools & Services -
Qualys
Vulnerability management tool used by the cybersecurity team and Qualys users to assess risk to systems and networks.
Tools & Services -
Duo Mobile Application
Tools & Services -
Mobile Device Security
Mobile devices help us connect, work, shop, and play—and to enable that, they hold a lot of personal information. Get tips to better protect your device and yourself.
Training -
Data Classification Flowchart
If you’re not sure what kind of data you work with, check the flowchart. Data-Classification-Flowchart.pdf
Job Aid -
Third Party Risk Management
As part of Third-Party Risk Management, GRC will review the privacy and security risk posture of all contracts and purchases related to university data.
Our aim is to serve as a “concierge” service to help you navigate the myriad of compliance requirements that might apply to your project.
- If your project will result in a purchase that will store, collect, access, create, manage, process, or transmit university data, engage the GRC process at the beginning of the project to help avoid implementation delays.
- To begin, click the Risk Assessment Tool button below to fill out the Lightweight Risk Assessment (LRA) to provide information about your project/purchase.
To aid in preparing to complete the online LRA form, a document version of the questionnaire to use offline can be downloaded HERE.
Please note – The offline document is only for your convenience in preparing to complete the online LRA form. Your answers must be submitted in the online form; we have no way to process the offline document.
Vendor cooperation is by far the primary determining factor as to how long a review takes. You may be able to speed things up by taking an active role to ensure your vendor is responsive to the needs of the process.
You may be able to “jump the line” and speed up the process even more, if you select a vendor that has already been reviewed recently, for a use case similar to yours. Each vendor is reviewed for the use case specified by the unit (data classification and process criticality). If your use case has a different risk level than the one reviewed for previously, another review may be necessary, but this gives you a much better opportunity to cut down on the time necessary for a review. See the list of recently reviewed vendors at https://go.illinois.edu/vendor-list.
Tools & Services -
Vulnerability Response
Quick identification of at-risk systems or services with responsible notification to the owners of those services.
Tools & Services -
Firewall
Monitors incoming and outgoing network traffic and decides whether to allow or block.
Several firewall plans are provided to serve a variety of needs. The group model allows departments to benefit from the protection of the firewalls that are already in place at the entrance and exit of the campus network, while also allowing Technology Services to maintain a manageable and flexible rule set on the campus firewalls.
Tools & Services -
CrowdStrike
Designed to mitigate real-time cybersecurity threats and incidents, and to provide visibility and security capability.
Tools & Services -
Best Practices with AWS Lambda
AWS Lambda can help development teams associated with the University of Illinois to more easily comply with Illinois Cybersecurity standards.
Job Aid -
Example Development Standards
A starting point to guide discussion of Cybersecurity development practices, and to help draft a document internal to a team.
Job Aid -
Logging Practices for Application Developers
Properly logging security events helps comply with Illinois Cybersecurity standards.
Job Aid -
API Code Review Discussion Questions
Cybersecurity code review will typically start with Open Web Application Security Project (OWASP) API Security Top Ten inspired questions.
Job Aid -
Cybersecurity Training
Cybersecurity training helps raise awareness and build good cyber-safety habits. Login using your university credentials to access assigned and optional cybersecurity training.
Training -
Privacy Threshold Assessment
Fill out this survey to begin a consultation with the Privacy Team.
Tools & Services -
Box High Risk Folders
Box High Risk Data Folder (BHRDF) is capable of securely storing approved types of High Risk Data.
Tools & Services