To better protect UC information and systems from growing cyber threats, the UC President has called on all UC campuses to comply with new security requirements and introduced consequences if they are not met by May 28, 2025. Berkeley has a Cyber Risk Management Program in motion to safeguard data and systems. However, the UC President's letter has increased the urgency for its implementation.
Multiple projects have been created under the Information Security Investment Program to comply with the new security requirements. The combined benefits of these efforts will include increased protection of our vital information and systems, a strengthened cybersecurity posture, and a mitigated cybersecurity risk profile.
These goals are outlined in the letter from UC President Drake:
| Technology IN SCOPE | Technology OUT OF SCOPE |
|
|
Improving our overall cybersecurity posture involves coordinating our projects, carefully considering project dependencies, and sequencing rollout to minimize disruption to the campus community.
Important dates and major milestones for this program. See individual project pages for more detailed information. All dates are estimated, and information may shift as this program and the suite of projects progress.
We successfully deployed, enabled, and configured multifactor authentication (MFA) to all Alumni Accounts. Berkeley now has 100 percent of campus and health email systems in conformance with established UC MFA configuration standards.
UC Berkeley has identified two industry-standard security tools to deploy to university-owned desktops, laptops, and servers. Our Berkeley Security Software ensures identification and vulnerability management using BigFix, and UC-approved Endpoint Detection and Response (EDR) software with Trellix HX. The software enables our campus to comply with the new security requirements laid out by the UC President.
| Milestone: | Completion Date: |
| Develop Windows self-service installer | 10/31/24 |
| Develop macOS self-installer | 11/30/24 |
| Develop and refine dashboard for compliance for Security Leads | 11/30/24 |
| Complete documentation for installers and dashboard | 11/30/24 |
| Run pilot with select Units | 12/31/24 |
|
Develop and publish Unit adoption Schedule |
12/31/24 |
|
Rollout software across campus |
5/30/25 |
| Provide software for unmanaged servers | 05/30/25 |
| Develop reporting for unit compliance | 05/30/25 |
| Develop privacy compliance enforcement mechanism | 05/30/25 |
In response to growing security threats, a security awareness training program has been created for UC staff, faculty, and student workers. It is crucial for every member of the University community to safeguard the information entrusted to us. Regular cybersecurity training is essential to reduce phishing attacks and stolen credentials, which are top threats to our online security.
| Milestone: | Completion Date: |
| Identify populations and current compliance rate | 10/18/24 |
| Communications plan and awareness campaigns | 10/31/24 |
| Review & Prepare RAID Log | 10/31/24 |
| Document High Level Requirements |
10/31/24 |
| Engagement to clean up staff appointments |
10/31/24 |
| Tools for compliance enforcement | 12/31/24 |
| Training completion | 02/28/25 |
Data Loss Prevention (DLP) software is essential for UC Berkeley health systems to safeguard sensitive patient information, ensure regulatory compliance, prevent costly data breaches, and maintain the integrity and trustworthiness of services. It helps monitor, detect, and block unauthorized access to or transmission of confidential data.
| Milestone: | Completion Date: |
| Gather Requirements | 11/29/24 |
| Configure DLP solution for testing for all health email systems | 12/20/24 |
| Technical Testing & Remediation | 01/31/25 |
| Pilot | 02/28/25 |
| Enhance the current training materials to incorporate DLP and email protection | 02/28/25 |
| User Training | 03/31/25 |
| Deployment | 04/30/25 |