Consulting
Cybersecurity consulting
We offer consultation on security best practices for protecting specific systems, software and processes.
To request a consultation, please complete this form.
Privacy consulting
We offer consultation about privacy best practices. Fill out this survey to begin a privacy consultation.
For additional information, contact privacy@illinois.edu.
Identity & Access Management consulting
We offer consultation regarding identity and access management best practices. Reach out to ADSupport@illinois.edu.
Digital Risk consulting
- If your project will result in a purchase that will store, collect, access, create, manage, process, or transmit university data, engage the GRC process at the beginning of the project to help avoid implementation delays.
- To begin, click the Risk Assessment Tool button below to fill out the Lightweight Risk Assessment (LRA) to provide information about your project/purchase.
To aid in preparing to complete the online risk assessment form, a document version of the questionnaire to use offline can be downloaded here. Your final answers must be submitted in the online form; we have no way to process the offline document.
Vendor cooperation is by far the primary determining factor as to how long a review takes. You may be able to speed things up by taking an active role to ensure your vendor is responsive to the needs of the process.
You may be able to speed up the process if you select a recently reviewed vendor with a use case similar to yours. Each vendor is reviewed for the use case specified by the unit (data classification and process criticality). If your use case has a different risk level than the one reviewed for previously, another review may be necessary, but this gives you a much better opportunity to cut down on the time necessary for a review. See the list of recently reviewed vendors at https://go.illinois.edu/vendor-list.
Risk Assessment Tool-LRA
Contact: digitalrisk@illinois.edu
Cost: Free, available upon request; required for purchases involving university data
Services
Box High Risk Folders
A Box High Risk Data Folder is capable of securely storing approved types of High Risk Data. Read and understand requirements for University Box High Risk Data Folders found in the Knowledgebase article.
Complete a University Box High Risk Data Folder Request Form: https://go.uillinois.edu/RequestBoxHighRiskFolder
CrowdStrike
Designed to mitigate real-time cybersecurity threats and incidents, and to provide visibility and security capability.
Contact securitysupport@illinois.edu for more information.
Duo
If you have questions about Duo, contact the help desk.
A swipe and a tap and you’re in!
Tapping and swiping are second nature now that smartphones are part of one’s wardrobe (wallet, keys, phone). Many of us have our phones in hand or within reach most of our waking lives.
Why not use the power of your phone to make logging in to University of Illinois systems or applications faster and simpler? You can even use Duo Mobile with certain smartwatches and make it even easier. Follow the instructions here to install, set up, and start using the app when you authenticate.
INSTALLING THE APP
See Installing the Duo Mobile app to get set up.
REGISTERING YOUR DEVICE
Once the app is installed on your mobile device, you’ll want to be sure the device is registered with the university. https://identity.uillinois.edu
ACTIVATING THE DEVICE
Follow instructions for activating the device you wish to use.
2FA, Activate Duo Mobile for Your Device (uillinois.edu)
SETTING YOUR PREFERENCES
Select how you’d like to receive notifications from Duo to approve them on your phone: Push Notification or One Time Passcodes are the fastest options for users. 2FA – Getting started with Duo (uillinois.edu)
USING THE DUO APPLICATION
Log in to the university application of your choosing with your NetID and password. You’ll see the following screen for any application that requires multi-factor authentication.
Firewall
Monitors incoming and outgoing network traffic and decides whether to allow or block it. Networking, Firewall, Service Plan Details
Several firewall plans are provided to serve a variety of needs. The group model allows departments to benefit from the protection of the firewalls that are already in place at the entrance and exit of the campus network, while also allowing Technology Services to maintain a manageable and flexible rule set on the campus firewalls.
Contact: net-trouble@illinois.edu
IP2Fire
IT Pro tool used to identify the firewall group of an IP or network.
Prisma Cloud Security
Prisma Cloud Security is a free service for cloud account owners. Prisma integrates with AWS accounts to provide a clear view of assets. It can be used to compare current configurations to secure baselines or industry and government standards.
When a resource is non-compliant, Prisma will produce a highly actionable alert. The alert will indicate the problem, what compliance standards are affected (if any), and provide step-by-step instructions for fixing it. This allows owners and managers to easily maintain a secure posture for their accounts, even in the middle of deployment.
Prisma is now available for AWS account owners. Search for Prisma in the Answers KnowledgeBase to learn about requesting access and for additional information.
SSL Certificate Issuance
This service manages SSL certificate requests and processes them through the university Certificate Authority vendor, Sectigo.
University Box Health Data Folder
University units can securely store Personal Health Data (PHI) and other types of data governed by HIPAA. https://hipaa.uillinois.edu/protecting-phi-with-box-health-data-folders/
Vulnerability Response
Quick identification of at-risk systems or services with responsible notification to the owners of those services.
https://answers.uillinois.edu/illinois/page.php?id=89291
For questions about this central point to coordinate the discovery and disclosure of potential security vulnerabilities, please email securitysupport@illinois.edu.
Zeek
Tool that passively monitors the network at the border. Email securitysupport@illinois.edu.
Job Aids
API Code Review Discussion Questions
Cybersecurity code review will typically start with Open Web Application Security Project (OWASP) API Security Top Ten inspired questions.
Best Practices with AWS Lambda
AWS Lambda can help development teams associated with the University of Illinois to more easily comply with Illinois cybersecurity standards.
CIS Benchmarks and Assessor
The Center for Internet Security has benchmarks for securing Linux, Windows, Cloud Providers, Mobile Devices, Networking Equipment and more.
The benchmarks often include multiple levels depending on how hardened the system needs to be, as referenced by the security controls. These benchmarks are used to provide best practices to the campus community on creating secure, deployable systems.
The benchmarks can be accessed by creating an account with your netid@illinois.edu address.
Visit https://workbench.cisecurity.org to create the account and start working with the benchmarks.
Included is CIS-CAT, an automated assessor of systems. It enables IT pros to check their systems automatically against the CIS benchmarks to determine whether they meet the benchmark. The assessor, along with the benchmarks themselves, provides clear step-by-step instructions for remediating the issues found by the assessor.
Cybersecurity Mobile Integration
Mobile Integration Testing provides an automated means to check iterations of an application for flow-breaking changes. https://answers.uillinois.edu/illinois/106384
Data Classification Flowchart
If you’re not sure what kind of data you work with, check the flowchart. Data-Classification-Flowchart.pdf. For assistance with data classification, contact digitalrisk@illinois.edu.
Device Wiping and Disposal
How to be security compliant for Electronic Data, Disk, SSD, or Other Storage Device Disposal. https://answers.uillinois.edu/69861
Example Development Standards
A starting point to guide discussion of Cybersecurity development practices, and to help draft a document internal to a team. https://answers.uillinois.edu/illinois/106122
Large Language Model (LLM) Code Review
The Cybersecurity team will typically start by discussing questions with lead and senior software developers who contributed to the development of the LLM. Details are in this article.
Logging Practices for Application Developers
Properly logging security events helps comply with Illinois Cybersecurity standards. https://cybersecurity.illinois.edu/resources/logging-practices-for-application-developers
Storing Secrets on Amazon Web Services
Correctly using AWS Secrets Manager helps fulfill an IT Professional’s responsibility to comply with Illinois Cybersecurity standards. https://answers.uillinois.edu/illinois/106612
Using GitHub Actions with the Campus Firewall
This document provides the developer with resources to learn about what GitHub Actions and Runners are, how to set up the features, and how to use them effectively. https://answers.illinois.edu/122838