Information security policies at Berkeley will be changing as a result of a major update to the UC systemwide information security policy (IS-3). The revision brings sweeping changes to the way information security risk is handled on campus.
What to Expect:
The Information Security Office (ISO) is currently updating and developing several foundational information security Standards and Policies. “Working drafts” and/or final versions (as noted) of the following documents are live and available at: https://security.berkeley.edu/policy/policy-catalog.
- UC Berkeley's Data Classification Standard (approved update posted)
- Minimum Security Standards for Networked Devices (MSSND) (draft update posted)
- New Roles and Responsibilities Policy (new - draft posted)
- Information Security Policy Exception Process (approved update posted)
- Campus Incident Response Plan (update pending)
Alignment with new UC Data Protection Levels
The IS-3 update affects the classification and mitigating controls of Protected Data. ISO is integrating these changes into UC Berkeley’s information security program in two phases:
First, ISO is changing the Data Protection Level numbering system to align with the new UC Protection Levels. You will start seeing these number changes reflected on the ISO website. In the second phase, ISO will review and update controls and requirements for each classification level.
Where to Learn More:
- ISO IS-3 Informational Page: https://security.berkeley.edu/IS-3-informational-page
- Join our Information Security Workgroup: https://security.berkeley.edu/resources/mailing-lists-workgroups
- Review the Minimum Security Standards for Electronic Information (MSSEI) “Quick Fix” to see the UC and UCB Protection Levels side-by-side: https://security.berkeley.edu/minimum-security-standards-electronic-information
- If you have additional questions, please email security@berkeley.edu