
Security - AMP Data Collection Summary at UW

Per Regent Policy Document 25-3, Acceptable Use of Information Technology Resources, the UW System shall take reasonable measures to protect the privacy of its IT resources and accounts assigned to authorized users.

Foundational Document: Regent Policy Document 25-3, Acceptable Use of Information Technology Resources

Privacy and Security (Excerpt)

The UW System shall take reasonable measures to protect the privacy of its IT resources and accounts assigned to authorized users. However, the UW System cannot guarantee absolute security and privacy. Any activity on UW System IT resources may be monitored, logged and reviewed by UW System-approved personnel or may be discovered in legal proceedings or in response to public records requests. Generally, the contents of user accounts will be treated as private and not examined or disclosed except:
  • as required for system maintenance or business necessity, including security measures;
  • when there exists reason to believe an individual is violating the law or UW System or institutional policy;
  • to meet the requirements of the Wisconsin Public Records Law or other laws; regulations; or institutional policies, rules, or guidelines; or
  • as permitted by applicable law or policy.
The UW System has the right to employ appropriate security measures, to investigate as needed, and to take necessary actions to protect UW System IT resources.
The UW System may also have a duty to provide information relevant to ongoing investigations by law enforcement. UW institutions will work with authorized users to protect their privacy interests, as well as those of the UW System. Authorized users must not violate the privacy of other users. Technical ability to access unauthorized resources or others’ accounts does not by itself imply authorization to do so, and it is a violation of this policy to access others’ accounts unless authorized to do so for a legitimate business purpose.

General Questions
Who can view the data collected by AMP?
AMP data can be viewed by UWSS and UWSA Security staff, Institution staff with AMP console access and Cisco security staff for analysis purposes described below.

Where is the data collected by AMP stored?
The data is kept in Cisco’s data centers.

How is the data collected by AMP accessed?
UWSS and UWSA Security staff and Institution staff must log into the AMP console to view the data. Cisco has access to the data via tools they use for their threat analysis as described below.

Personal Data Collected, Reason for Collecting Personal Data, and Duration

Personal Data Collected:
• Name
• Address
• Email Address
• User ID
Reason for Collecting Personal Data: Data is collected to create a user profile for the institutional staff who are the AMP product administrators. It is required to ensure AMP enablement, product use notification, training and support.
Duration: Indefinitely

Personal Data Collected:
• Name of File
• File path name
Reason for Collecting Personal Data: The document name (e.g. JohnDoe.doc) and file location (e.g. C:\Users\JohnDoe\AppData\Local\svchost.exe) are collected to more quickly identify threats and provide more effective endpoint security. Although providing this data is optional, not providing it would provide less protection from security threats.
This information is provided to Cisco for all files. Cisco's global threat intelligence research unit analyzes this data against known security threats to determine if any risk exists, and new information they learn about the threats is used to update their global threat information.
Duration: 30 Days

Personal Data Collected:
• Local URL, MAC Address, IP Address
• Remote URL, MAC Address, IP Address
Reason for Collecting Personal Data: The data and computer addresses are collected to provide more effective endpoint security. Collection of this data is required. The data collected includes URLs (e.g. http://malware-server.com), IP addresses (e.g. 10.1.1.101) and MAC addresses (e.g. 00-14-22-01-23-45).
This information is also shared with Cisco’s global threat intelligence research so it can be analyzed against known security threats and update global threat information.
Duration: 30 Days

Personal Data Collected:
• Customer Username
Reason for Collecting Personal Data: The customer's username is collected to determine if the account has been compromised and to provide contact information. Both disabled and enabled usernames are collected (e.g. “u@workstation-name” (the “u” is for “user”), “a@workstation-name” (the “a” is for administrator), and “johndoe@workstation-name” for user/administrator). Although providing this data is optional, not providing it would inhibit investigations when threats are identified, as we would not know which accounts are compromised nor have a way of contacting the affected user.
This information is also shared with Cisco’s global threat intelligence research so it can be analyzed against known security threats and update global threat information.
Duration: 30 Days

Personal Data Collected:
• Entire files captured as unstructured data
Reason for Collecting Personal Data: Collecting entire files as unstructured data is optional, but collecting this data and sharing it with Cisco allows the data to be quarantined for analysis purposes, thereby enhancing the ability to examine its effects should it be activated in a production environment. Collection of this data and analysis of a virus's effect is a critical countermeasure to phishing and malware attempts. The data collected is:
• Executable files (e.g. malware.exe)
   o Fetched automatically (when enabled) and uploaded to Cisco Systems for File Analysis. The entire file is captured as unstructured data for further analysis.
• Data files (e.g. Document.doc)
   o Requested files are fetched on-demand and uploaded to Cisco Systems for File Analysis. The entire file is captured as unstructured data for further analysis. On-demand analysis can be initiated by UW institutions or Cisco if either party identifies a file that may look suspicious.
This information is also shared with Cisco’s global threat intelligence research so it can be analyzed against known security threats and update global threat information.
Duration: Indefinitely

Keywords: privacy policy
Doc ID: 98798
Owner: Michael S.
Group: UW Platteville
Created: 2020-03-12 18:48 CDT
Updated: 2020-03-12 18:53 CDT
Sites: UW Platteville