Goals & Benefits to Campus
The ever growing threat of cyberattacks against our digital resources, large and small, means that information security must be everyone's responsibility. We are integrating this model of shared responsibility into Berkeley's existing information security program and updating it to current UC and industry standards. This will help to ensure that risk is understood and addressed at the appropriate organizational levels, and aligns our core campus priorities and values with requirements and principles from UC’s Electronic Information Security Policy, IS-3.
Berkeley empowers engaged thinkers and global citizens to change our world.
-
Implementation of IS-3, UC’s Electronic Information Security Policy, will support the campus’ ability to more effectively manage cyber risk. This in turn supports our students, faculty, and researchers’ ability to pursue inquiry, discovery, and creative expression, to discover and create, and engage beyond the campus. This implementation project is key to integrating IS-3 into UC Berkeley’s information security program.
Measures of Success:
-
Vice Chancellor for Research Office / Research IT / Information Security Office Research Security Partnership formalized; pilot research groups onboarded.
-
30% of campus academic and administrative units have completed all initial implementation tasks.
-
Prioritization strategy for engaging with units formalized; Periodic review process defined and scheduled for pilot units.
-
Processes for unit onboarding and status tracking have been operationalized.
-
Program for ongoing engagement of security leads is in place.
-
Campus Information Security Roles and Responsibilities Policy submitted to Compliance and Enterprise Risk Committee (CERC) for approval.
Milestones & Timeline:
Important dates and major milestones for this program through 2022. See the IS-3 Implementation Project Website for more detailed project information. All dates are estimated and may shift as this program progresses.
|
Date |
Milestone |
|
9/30/2021 |
Operationalize processes for unit onboarding and status tracking |
|
11/30/2021 |
Produce first annual end-of-year executive summary of identified risks and trends |
|
12/17/2021 |
Complete onboarding for Sept-Nov 2021 cohort of Units |
|
12/17/2021 |
Complete high-risk Unit engagement plan & tentative scheduling |
|
12/17/2021 |
Policy work: Submit Roles and Responsibilities Policy CERC for approval; Final campus approval of updated MSSND |
|
1/31/2022 |
Define goals and process for Unit periodic reviews |
|
1/31/2022 |
Streamline Unit self-assessment review and reporting processes for high-risk Units |
|
3/31/2022 |
Final campus approval for Roles and Responsibilities Policy |
|
5/10/2022 |
Complete onboarding for Feb-Apr 2022 cohort of Units |
|
6/30/2022 |
VCRO/RIT/ISO Research Security Partnership formalized; pilot research groups onboarded |
|
6/30/2022 |
Expand program for ongoing engagement of Unit Information Security Leads (UISLs) |
|
7/31/2022 |
Complete pilot unfacilitated periodic review for Pilot Units and early adopters |
|
9/15/2022 |
Complete onboarding for Jun-Aug 2022 cohort of Units |
|
11/30/2022 |
Produce annual end-of-year executive summary of identified risks and trends |
|
12/23/2022 |
Define goals & one-time onboarding process for low-risk Units |
|
1/15/2023 |
Complete onboarding for Oct-Dec 2022 cohort of Units |
|
7/1/2023 |
Begin onboarding low-risk Units and operationalize periodic review process |