Information Security Office

Meet the Team

Allison Henry, CISOAllison Henry

Chief Information Security Officer

View our org chart

What We Do

The Information Security Office (ISO) guides UC Berkeley in the management of information security risk and helps safeguard data and systems to enable the mission of teaching, research, and public service. We collaborate with partners across the Berkeley campus to:

  • Detect and respond to vulnerabilities and security incidents.

  • Assess data and systems to align with policies.

  • Provide a centralized authentication and authorization system.

  • Clarify campus obligations needed to protect data.

  • Educate the community about information security.

How We Collaborate

Information Security Office

Distributed Campus Workforce

  • Monitor the network.

  • Respond to incidents.

  • Assess risk.

  • Manage identities and access.

  • Develop policies.

  • Education and outreach.

  • Secure systems and data.

  • Report incidents.

  • Implement appropriate security controls.

  • Classify and register data.

  • Understand campus policy requirements.

  • Compliance with laws/regulations/DUAs.

Key Functions & Services

Identity & Access Management 

CalNet provides identity and access control solutions for the campus:

  • Identity Data Services - Berkeley Person Registry, CalGroups, LDAP
  • Access Services - Shibboleth, CAS, Duo, CalGuest
  • Account Services - CalNet Account Manager, Special Purpose Accounts
  • Support Services - CalNet Admin Tool (CAT)

Visit the service catalog page

Information Security Management

Led by Jake Harwood, Senior Manager, this group is comprised of three teams.

Information Security Assessments 
Key services include:

  • Vendor Security Assessments - Management of supplier security risks.
  • MSSEI Security Assessments - Review of MSSEI self-assessment plans.
  • Unit Security Assessments - Support for IS-3 Unit Engagement model.
  • CPHS Data Security Assessments - Support researchers with CPHS data security requirements.

Information Security Operations
This team handles the following:

  • Threat Detection - Network IDS, Endpoint Detection and Response.
  • Vulnerability Detection - Scanning with Tenable Nessus.
  • Log Correlation - Log ingestion and storage, ArcSight SIEM.
  • Incident Response - Track all security incidents to resolution.
  • bSecure - Firewalls and VPN (in partnership with Network Services).
  • “Fight the Phish" - bMail security (in partnership with bConnected).

Information Security Development
Managing applications supporting campus security services:

  • SOCK - Ingest security events from detection sources, enrich those events, create incidents, and manage incident response workflows.
  • SocReg - Self-service network registration portal for security contacts, network services, and protected data applications.
  • Metric App (UISM) - Security-related metrics by campus unit.

View all security offerings in the service catalog

Information Security Policy

Led by Julie Goldstein, Information Security Policy Program Manager, the key services of the Information Policy Office include:

  • Policy development, review, and maintenance
  • Consulting and advising
  • Building relationships and partnerships
  • Collaboration on outreach and engagement.

Visit the ISO Policy website

Service Management

Summer Scanlan, Business Systems Analyst, and this team provide:

  • Written communications
  • Verbal communications
  • Visual Design & UX
  • Data Collection/Analysis
  • Workgroups

Quick Links

home button security button system status button KB button

Help Us Improve

IT catalog feedback button