A collection of tools and services, training opportunities, and job aids to help you implement privacy and cybersecurity best practices.
-
Using GitHub Actions with the Campus Firewall
This document provides the developer with resources to learn about what GitHub Actions and Runners are, how to set up the features, and how to use them effectively.
Job Aid -
Storing Secrets on Amazon Web Services (AWS)
Correctly using AWS Secrets Manager helps fulfill an IT Professional’s responsibility to comply with Illinois Cybersecurity standards.
Job Aid -
Device Wiping and Disposal
How to be security compliant for Electronic Data, Disk, SSD, or Other Storage Device Disposal.
Job Aid -
Cybersecurity Mobile Integration
Mobile Integration Testing provides an automated means to check iterations of an application for flow-breaking changes.
Job Aid -
CIS Benchmarks and Assessor
The Center for Internet Security has benchmarks for securing Linux, Windows, Cloud Providers, Mobile Devices, Networking Equipment, more. IT professionals create an account with your NetID.
Job Aid -
University Box Health Data Folder (BHDF)
University units can securely store Personal Health Data (PHI) and other types of data governed by HIPAA.
Tools & Services -
SSL Certificate Issuance
This service manages SSL certificate requests and processes them through the university Certificate Authority vendor, Sectigo.
Tools & Services -
Qualys
Vulnerability management tool used by the cybersecurity team and Qualys users to assess risk to systems and networks.
Tools & Services -
Duo Mobile Application
INSTALLING THE APP
See Installing the Duo Mobile app to get set up.
REGISTERING YOUR DEVICE
Once the app is installed on your mobile device, you’ll want to be sure the device is registered with the university. https://identity.uillinois.edu
ACTIVATING THE DEVICE
Follow instructions for activating the device you wish to use.
2FA, Activate Duo Mobile for Your Device (uillinois.edu)SETTING YOUR PREFERENCES
Select how you’d like to receive notifications from Duo to approve them on your phone: Push Notification or One Time Passcodes are the fastest options for users. 2FA – Getting started with Duo (uillinois.edu)
USING THE DUO APPLICATION
Log in to the university application of your choosing with your NetID and password. You’ll see the following screen for any application that requires multi-factor authentication.
Tools & Services -
Mobile Device Security
Power Up Mobile Cybersecurity
Mobile devices help us connect, work, shop, and play—and to enable that, they hold a lot of personal information. Get tips to better protect your device and yourself.
Training -
Data Classification Flowchart
If you’re not sure what kind of data you work with, check the flowchart. Data-Classification-Flowchart.pdf
Job Aid -
Third Party Risk Management
As part of Third-Party Risk Management, GRC will review the privacy and security compliance posture of all contracts and purchases related to university data.
Our aim is to serve as a “concierge” service to help you navigate the myriad of compliance requirements that might apply to your project.
- If your project will result in a purchase that will store, collect, access, create, manage, process, or transmit university data, engage the GRC process at the beginning of the project to help avoid implementation delays.
- To begin, fill out the Initial Risk Assessment (http://go.illinois.edu/vendorrisk) to provide information about your project.
Vendor cooperation is by far the primary determining factor as to how long a review takes. You may be able to speed things up by taking an active role to ensure your vendor is responsive to the needs of the process.
Tools & Services -
Vulnerability Response
Quick identification of at-risk systems or services with responsible notification to the owners of those services.
Tools & Services -
Firewall
Monitors incoming and outgoing network traffic and decides whether to allow or block.
Several firewall plans are provided to serve a variety of needs. The group model allows departments to benefit from the protection of the firewalls that are already in place at the entrance and exit of the campus network, while also allowing Technology Services to maintain a manageable and flexible rule set on the campus firewalls
Tools & Services -
CrowdStrike
Designed to mitigate real-time cybersecurity threats and incidents, give visibility and security capability.
Tools & Services -
Best Practices with AWS Lambda
AWS Lambda can help development teams associated with the University of Illinois to more easily comply with Illinois Cybersecurity standards.
Job Aid -
Example Development Standards
A starting point to guide discussion of Cybersecurity development practices, and to help draft a document internal to a team.
Job Aid -
Logging Practices for Application Developers
Properly logging security events helps comply with Illinois Cybersecurity standards.
Job Aid -
API Code Review Discussion Questions
Cybersecurity code review will typically start with Open Web Application Security Project (OWASP) API Security Top Ten inspired questions.
Job Aid -
Cybersecurity Training
Cybersecurity training helps raise awareness and build good cyber-safety habits. Login using your university credentials to access assigned and optional cybersecurity training.
Training -
Privacy Threshold Assessment
Privacy Threshold AssessmentFill out this survey to begin a consultation with the Privacy Team.Tools & Services -
Box High Risk Folders
Box High Risk Data Folder (BHRDF) is capable of securely storing approved types of High Risk Data.
Tools & Services