Campuswide Cybersecurity Implementation

Goals & Benefits to Campus

The ever growing threat of cyberattacks against our digital resources, large and small, means that information security must be everyone's responsibility. We are integrating this model of shared responsibility into Berkeley's existing information security program and updating it to current UC and industry standards. This will help to ensure that risk is understood and addressed at the appropriate organizational levels, and aligns our core campus priorities and values with requirements and principles from UC’s Electronic Information Security Policy, IS-3.  

Berkeley empowers engaged thinkers and global citizens to change our world.

  • Implementation of IS-3, UC’s Electronic Information Security Policy, will support the campus’ ability to more effectively manage cyber risk. This in turn supports our students, faculty, and researchers’ ability to pursue inquiry, discovery, and creative expression, to discover and create, and engage beyond the campus. This implementation project is key to integrating IS-3 into UC Berkeley’s information security program.

Measures of Success:

  • Vice Chancellor for Research Office / Research IT / Information Security Office Research Security Partnership formalized; pilot research groups onboarded.    

  • 30% of campus academic and administrative units have completed all initial implementation tasks.    

  • Prioritization strategy for engaging with units formalized; Periodic review process defined and scheduled for pilot units.    

  • Processes for unit onboarding and status tracking have been operationalized.    

  • Program for ongoing engagement of security leads is in place.    

  • Campus Information Security Roles and Responsibilities Policy submitted to Compliance and Enterprise Risk Committee (CERC) for approval.

Milestones & Timeline:

Important dates and major milestones for this program through 2022. See the IS-3 Implementation Project Website for more detailed project information. All dates are estimated and may shift as this program progresses.




Operationalize processes for unit onboarding and status tracking


Produce first annual end-of-year executive summary of identified risks and trends


Complete onboarding for Sept-Nov 2021 cohort of Units 


Complete high-risk Unit engagement plan & tentative scheduling


Policy work: Submit Roles and Responsibilities Policy CERC for approval; 

Final campus approval of updated MSSND


Define goals and process for Unit periodic reviews


Streamline Unit self-assessment review and reporting processes for high-risk Units


Final campus approval for Roles and Responsibilities Policy


Complete onboarding for Feb-Apr 2022 cohort of Units


VCRO/RIT/ISO Research Security Partnership formalized; pilot research groups onboarded


Expand program for ongoing engagement of Unit Information Security Leads (UISLs)


Complete pilot unfacilitated periodic review for Pilot Units and early adopters


Complete onboarding for Jun-Aug 2022 cohort of Units


Produce annual end-of-year executive summary of identified risks and trends


Define goals & one-time onboarding process for low-risk Units


Complete onboarding for Oct-Dec 2022 cohort of Units


Begin onboarding low-risk Units and operationalize periodic review process

Team Members & Roles:

Allison Henry - CISO and Executive Sponsor Priority Lead

Charron Andrus - Deputy CISO

Saskia Etling - Development Technical Lead

Julie Goldstein - Functional Lead

Casey Hennig - Communications Lead

Josh Kwan - Assessment Team Lead

Yoshita Mukherjee - Project Manager