Cyber Risk Management Program

Welcome to UC Berkeley’s Cyber Risk Management Program service page. Berkeley’s Cyber Risk Management Program is a holistic program to help Units manage cyber risk as well as compliance with IS-3, UC's systemwide electronic information security policy. 

Here you will find information and resources to help your Unit with its ongoing cyber risk management and annual IS-3 review.  

IS-3 Program Principles - details in caption

Caption - Key Program Principles:

  • Security is a shared responsibility: everyone has a role
  • Focus on risk management; risk assessment is key
  • Units are responsible for managing their own information security risk
  • Protection Level and Availability Level inform risk level and controls

Annual Review Process

Annual: Socreg Review

Annual: Update Unit Work Plan

As Scheduled: Review Unit Self-Assessment 

All Units

All Units

Scheduled Units Only

Annual, exact timing TBD

Annual

Every 2-5 years (see schedule)

Each year, Unit Information Security Leads (UISLs) will be asked to work with their Security Contacts and/or IT Client Services to confirm that their Unit’s information and registrations in Socreg are correct and current. UISLs will complete a simple attestation to confirm that this has happened.

As a Unit, determine what information security-related work or improvements to prioritize for the next year. 

  • An annual toolkit will be developed to help Units with this process

  • Units completing their self-assessment review will also have a customized report from the Information Security Office to help identify areas of focus.

Units will review and update their IS-3 self-assessment approximately every 2-5 years according to the projected schedule on the page linked above. 

Higher risk Units will generally complete this review more frequently than lower risk Units. Since risk level may change over time, the projected review schedule is also subject to change.

The Information Security Office will reach out to Units to help initiate and support this work.

Logins

Isora unit self-assessment

Socreg

Getting Help

Email the Information Security Office IS-3 team at: is3@berkeley.edu

-or-

Contact IT Client Services (include "IS-3 Assistance" in the subject line)

Quick Links

Self-Assessment Cheat Sheets

Topics