Information Security Office

Meet the Team

Allison Henry Chief Information Security Officer	Charron Andrus Associate Chief Information Security Officer

View our org chart(link is external)

What We Do

The Information Security Office (ISO)(link is external) protects the UC Berkeley campus community and the University by safeguarding data, privacy, and IT resources while promoting a culture of shared responsibility for information security. We collaborate with partners across the Berkeley campus to:

Detect and respond to vulnerabilities and security incidents(link is external).
Assess data and systems to align with policies(link is external).
Provide a centralized authentication and authorization system(link is external).
Clarify campus obligations needed to protect data(link is external).
Educate the community about information security(link is external).

Key Functions & Services

collapse all expand all

Identity & Access Management

Led by Mary Northup, Manager, CalNet provides identity and access control solutions for the campus:

Identity Data Services - Berkeley Person Registry, CalGroups, LDAP
Access Services - Shibboleth, CAS, Duo, CalNet Sponsored Guests
Account Services - CalNet Account Manager, Special Purpose Accounts
Support Services - CalNet Admin Tool (CAT)

Visit the service catalog page

Information Security Management

Led by Jake Harwood, Senior Manager, this group is comprised of three teams.

Information Security Assessments
Information Security Assessments is led by Chad Edwards, Manager. Key services include:

Vendor Security Assessments - Management of supplier security risks.
MSSEI Security Assessments - Review of MSSEI self-assessment plans.
Unit Security Assessments - Support for IS-3 Unit Engagement model.
CPHS Data Security Assessments - Support researchers with CPHS data security requirements.

Information Security Operations
Information Security Operations is led by John Ives, Manager. This team handles the following:

Threat Detection - Network IDS, Endpoint Detection and Response.
Vulnerability Detection - Scanning with Tenable Nessus.
Log Correlation - Log ingestion and storage, ArcSight SIEM.
Incident Response - Track all security incidents to resolution.
bSecure - Firewalls and VPN (in partnership with Network Services).
“Fight the Phish" - bMail security (in partnership with bConnected).

Information Security Development
Managing applications supporting campus security services:

SOCK - Ingest security events from detection sources, enrich those events, create incidents, and manage incident response workflows.
SocReg - Self-service network registration portal for security contacts, network services, and protected data applications.
Metric App (UISM) - Security-related metrics by campus unit.

View all security offerings in the service catalog

Information Security Policy

Led by Julie Goldstein, Program Manager, the key services of the Information Security Policy Office include:

Development, review, and maintenance of information security policies, standards, supporting materials, and programs
Consulting and advising
Building campus relationships and partnerships
Collaboration on outreach and engagement

Visit the ISO Policy website(link is external)