Detailed Milestones & Timeline
Important dates and major milestones for this program. All dates are estimated, and information may shift as our program advances.
Berkeley Security Software
UC Berkeley has identified two industry-standard security tools to deploy to university-owned computers. Our Berkeley Security Software identifies assets, manages vulnerabilities, and provides more robust security services using Endpoint Detection and Response (EDR) software.
Milestones:
| Month |
Activity |
| November |
Develop self-service installers so users can download the software on university-owned machines
|
| December |
Run Pilot with select Units to identify and fix potential problems before rolling out to larger campus
|
| January |
Incorporate feedback from Pilot
Phased Campus Rollout - Unit Engagement Schedule (CalNet Authentication Needed)
Deploy EDR for non-centrally-managed servers
|
| May |
Reporting on unit compliance
Development of enforcement mechanisms
|
Cybersecurity Awareness Training
UC Berkeley’s mandatory Annual Cybersecurity Awareness Training equips faculty, staff, and student workers with critical skills to combat threats like phishing and stolen credentials. Delivered online, this refresher provides important cybersecurity updates and reminders, ensures compliance, and promotes a secure environment for institutional data.
Milestones:
| Month |
Activity |
| October |
Draft Project Charter
Identify populations and current compliance rate
Communications plan and awareness campaigns
|
| November |
Engagement with People & Culture to clean up appointment data.
|
| January |
Develop tools for ongoing compliance enforcement
|
| May |
Reporting on training completion by staff, faculty and student workers to Supervisors and People & Culture. |
Data Loss Prevention for Health Email Systems
Data Loss Prevention (DLP) software is essential for UC Berkeley health email systems to safeguard sensitive patient information, ensure regulatory compliance, prevent costly data breaches, and maintain the integrity and trustworthiness of services. It helps monitor, detect, and block unauthorized access to or transmitting confidential data through emails.
Milestones:
| Month |
Activity |
| November |
Gather Requirements, draft Project Charter
|
| December |
Turn on DLP for health email systems users in monitor and reporting mode.
|
| January |
Review data from monitor mode, identify & fix problems
|
| February |
Pilot DLP solution
Update the current training materials to include DLP guidelines
|
| March |
User Training
|
| April |
Full deployment to health email systems
|
Multi-factor Authentication (MFA) Security Improvements
To reduce attempts to bypass two-step protections through “push fatigue” and “push harassment” attacks, we are strengthening the methods for CalNet MFA verification and widening the scope of users required to use MFA to access Berkeley services.
Alumni Digital Experience
We successfully deployed, enabled, and configured multifactor authentication (MFA) to all Alumni Accounts. Berkeley now has 100 percent of campus and health email systems in conformance with established UC MFA configuration standards.
MFA Security - Risk-based Authentication
Several higher education institutions have experienced phishing attacks, which resulted in the theft of credentials and redirection of paycheck deposits. Berkeley is committed to keeping our community safe from such attacks. Therefore, we are strengthening our multi-factor authentication (MFA) protections and using a risk-based approach for CalNet MFA verification. Visit our New MFA Security Enhancements page for more details.
Milestones:
| Month |
Activity |
| January |
Turn on Verified Push and test with internal IT groups
|
| February |
Run full pilot with project
|
| March |
Turn off SMS and move users to enhanced methods and complete project
|
