The Information Security Office currently has two policies in Campus review until mid-June. We invite comments on the proposed new Roles and Responsibilities Policy and our Minimum Security Standards for Networked Devices (MSSND) Draft.
This Roles and Responsibilities Policy consolidates information security-related roles and responsibilities from UC Berkeley and UC’s systemwide Electronic Information Security Policy, IS-3. This new policy specifically addresses the definition, identification, and clarification of roles and responsibilities at UC Berkeley with respect to the security and protection of institutional information and IT resources. The policy was drafted to be consistent with existing information security-related roles and responsibilities at UC Berkeley and incorporates key responsibilities identified in IS-3.
Revisions are also proposed to the Minimum Security Standards for Networked Devices (MSSND). The update incorporates elements from UC’s systemwide Electronic Information Security Policy, IS-3, and brings the Standard into alignment with current industry best practices. This standard applies to all UC Berkeley IT Resources and all devices, independent of their location or ownership, when connected to a UC Berkeley network, or when storing, processing, or accessing Institutional Information hosted at any location.
A summary of the key changes is also available