Information Security Office

Meet the Team

Allison Henry, CISOAllison Henry

Chief Information Security Officer

Charron AndrusCharron Andrus

Associate Chief Information Security Officer

View our org chart

What We Do

The Information Security Office (ISO) protects the UC Berkeley campus community and the University by safeguarding data, privacy, and IT resources while promoting a culture of shared responsibility for information security. We collaborate with partners across the Berkeley campus to:

Key Functions & Services

Identity & Access Management 

Led by Mary Northup, Manager, CalNet provides identity and access control solutions for the campus:

  • Identity Data Services - Berkeley Person Registry, CalGroups, LDAP
  • Access Services - Shibboleth, CAS, Duo, CalNet Sponsored Guests
  • Account Services - CalNet Account Manager, Special Purpose Accounts
  • Support Services - CalNet Admin Tool (CAT)

Visit the service catalog page

Information Security Management

Led by Jake Harwood, Senior Manager, this group is comprised of three teams.

Information Security Assessments 
Information Security Assessments is led by Chad Edwards, Manager. Key services include:

  • Vendor Security Assessments - Management of supplier security risks.
  • MSSEI Security Assessments - Review of MSSEI self-assessment plans.
  • Unit Security Assessments - Support for IS-3 Unit Engagement model.
  • CPHS Data Security Assessments - Support researchers with CPHS data security requirements.

Information Security Operations
Information Security Operations is led by John Ives, Manager. This team handles the following:

  • Threat Detection - Network IDS, Endpoint Detection and Response.
  • Vulnerability Detection - Scanning with Tenable Nessus.
  • Log Correlation - Log ingestion and storage, ArcSight SIEM.
  • Incident Response - Track all security incidents to resolution.
  • bSecure - Firewalls and VPN (in partnership with Network Services).
  • “Fight the Phish" - bMail security (in partnership with bConnected).

Information Security Development
Managing applications supporting campus security services:

  • SOCK - Ingest security events from detection sources, enrich those events, create incidents, and manage incident response workflows.
  • SocReg - Self-service network registration portal for security contacts, network services, and protected data applications.
  • Metric App (UISM) - Security-related metrics by campus unit.

View all security offerings in the service catalog

Information Security Policy

Led by Julie Goldstein, Program Manager, the key services of the Information Security Policy Office include:

  • Development, review, and maintenance of information security policies, standards, supporting materials, and programs
  • Consulting and advising
  • Building campus relationships and partnerships
  • Collaboration on outreach and engagement

Visit the ISO Policy website

Service Management

Summer Scanlan, Business Systems Analyst, and this team provide:

  • Ticketing and service desks
  • Written and verbal communications
  • Visual Design & UX
  • Data Collection/Analysis
  • Workgroups