Information Security Strategy FY 2013-2014 Draft for Review

July 5, 2013

A draft of a proposed updated campus information security strategy is now available for review.  The draft document is attached in both MS Word and PDF formats at the bottom of this page.

We welcome your comments and discussion!  Please send feedback to Paul Rivers ( or Larry Conrad (

The strategy outlines the case for expanding security efforts from that of monitoring system and network security, to a more comprehensive information security program capable of addressing the increasing threats to the data layer and the new risks presented by cloud and mobile computing.  

The mission of information security for the campus is now to focus on risk management for Berkeley's information systems, and direct campus efforts to adequately secure institutional data and other campus IT resources.

The five objectives for FY 2013-2014 are:

  1. Policy: Extend the information security policy base to provide adequate coverage of all essential information security topics.
  2. Data asset inventory: Implement a collection of ongoing methods to identify and maintain an accurate asset inventory of critical information systems.
  3. Assessment of the data layer: Evaluate critical information systems to identify security and compliance risks and ensure the risks are addressed by the units responsible.
  4. Operational improvements: Re-design security operations to align with new policy and allow the rapid adoption of new security event detection methods.
  5. Ongoing security operations: Provide information to campus about and track the status of security threats, vulnerabilities and incidents.

A high level summary of funded and planned supporting projects is given, along with a new and expanded internal structure of the security unit to support these initiatives.

Download PDF:

Download Word document: