A message from Larry Conrad, AVC-IT & CIO
I want to update all of you about a couple changes I’m making.
As many of you recognize, the Administration and Finance division has been pursuing an aggressive modernizing of the University’s enterprise applications. Much has already been accomplished, but there is much yet that remains to be done. Candidly, some of the implementations have gone better than others. As I’ve reviewed the history, it seems clear we can do a better job helping our customers plan and coordinate major changes. This is not a criticism of past efforts on these system implementations, which has been tremendous and in some instances heroic. But rather, it is recognition that we can better serve our Administration and Finance customers by helping them be more plan-full in their approach and in better coordinating how changes are rolled out to the Berkeley campus. I’ve initiated a discussion about all this with the Administration and Finance leadership team and an effort is underway to more definitively prioritize and coordinate all of the significant applications projects we’re planning. I’ve asked Lyle Nevels to serve in an overall coordination capacity for all Administration and Finance initiatives. As part of that, JR Schulden and her team have been reassigned to report to Lyle.
In addition, many of you have heard me say I believe we need to “up our game” in regards to information security here at Berkeley. The present program in SNS has been terrific and well done. However, it’s time we broaden our approach beyond protecting the network with an additional focus on protecting University data. Consequently, I’m establishing a Chief Information Security Officer position reporting directly to me. I’ve asked Paul Rivers to serve in an Interim capacity in this position. The CISO’s direct reports include all of the existing SNS team members presently in IST Telecomm and will comprise the newly formed Information Security team. Paul and I have developed a proposed updated formal information security strategy ( https://security.berkeley.edu/strategy-draft) which we are beginning to vet with the campus community. Please let Paul (firstname.lastname@example.org) and me know if you have any feedback or suggestions. We will need to build on and leverage the partnerships we’ve already established with the campus community for information security.
Part of establishing a CISO position is a rethinking of the former Chief Information Security and Privacy Officer role, which has been vacant for some time. I don’t think it makes sense to have a joint role as previously defined. My view is that information security is fundamentally a risk management/technology function while information privacy is fundamentally a cultural/philosophical function. The two meet at the policy level, but I see the two functions as very different needing different backgrounds. Linda Williams in the University’s Compliance Office and I have agreed to an approach that will have the privacy function in her office and the security function in mine.
Please let me know if any of you have questions about these changes.