Security is everyone’s responsibility.
This has always been true, but what does it actually mean for you, personally, as part of the UC Berkeley community?
UC Berkeley’s Roles and Responsibilities Policy identifies specific roles and responsibilities for protecting UC IT resources and information. It brings together responsibilities from a variety of UC Berkeley and University of California Policies so everything is in one place.
Who Is Affected by the Policy
Everyone has a role -- maybe even more than one -- based on your relationship with the university. Responsibilities range from protecting one's own passphrase to managing security controls for a large system, an entire Unit, or even the Campus.
Who Administers the Policy
UC Berkeley’s Roles and Responsibilities Policy (Full title: Roles and Responsibilities for the Protection of University Institutional Information and IT Resources) is issued under the authority of the Associate Vice Chancellor for Information Technology and Chief Information Officer. Questions about the Policy may be directed to the Information Security Office: security-policy@berkeley.edu.
Key Responsibilities for Everyone
1. Practice good cyber hygiene:
- Keep your devices and applications patched and up to date
- Use strong, unique passphrases -- make them long, complex, or both. UC Berkeley has free LastPass Premium(link is external)(link is external) for all current students, faculty, and staff!
- Secure all devices with a strong password or PIN, and set them to lock after a few minutes of inactivity (15 min max, shorter is better)
- Turn on built-in anti-malware software and firewall
- Back up important files and data
- Use separate accounts for privileged (administrator) and non-privileged (user) access
2. Report security incidents
- It is important that actual or suspected security incidents are reported as early as possible so that campus can limit the damage and cost of recovery.
3. Respond to security notices
- If you receive a security notice from the Information Security Office, read the email carefully and follow the instructions. Additionally, you can review our "Respond to a Security notice" page for more information.