Guideline

Email Oops, and How to Avoid Them

Overview

Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can often be our own worst enemy when using it. Here are the four most common mistakes people make with email and how to avoid them.

Autocomplete

Autocomplete is a common feature in most email clients. As you type the name of the person you want to email, your email...

Secure Coding Practice Guidelines

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for application software security requirements.

Requirement

Resource Proprietors and Resource Custodians must ensure that secure coding practices, including security training and reviews, are incorporated into each phase of the...

Authenticated Scans Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for continuous vulnerability assessment and remediation.

Requirement

Resource Custodians must implement authenticated scans for vulnerability assessment for core systems. Campus-provided scanning resources and campus-...

Security Audit Logging Guideline

Requirement

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.

Description of Risk

Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.

Recommendations

Regular log collection is critical to understanding the nature of security incidents during an active investigation and post mortem analysis. Logs are also useful for establishing...

Security Audit Log Analysis Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for audit logging requirements.

Requirement

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.

Description of Risk

Without appropriate...

Intrusion Detection Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to meet continuous vulnerability assessment and remediation requirements.

Requirement

Resource Custodians must continuously monitor for signs of attack and compromise on all covered devices....

Block Auto-run on Removable Devices Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to meetmalware defenses requirement.

Requirement

Resource Custodians must configure covered systems to not auto-run content from removable or remotely-mounted media.

Description of Risk

...

Secure Device Configuration Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving requirement 3.1, Secure Device Configuration.

Requirement

Resource Custodians must utilize well-managed security configurations for hardware, software, and operating systems based on an industry...

Need to Know Access Control Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance forcontrolled access based on need-to-know requirements.

Requirement

Resource Proprietors must control access to covered data and regularly review access permissions to allow use of and access to covered data only where...

Commercial Software Assessment Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for meeting application software security requirements.

Requirement

Resource Proprietors and Resource Custodians must validate that commercial software meets security criteria used by the...