Cyber Risk Management Program

Welcome to UC Berkeley’s Cyber Risk Management Program service page. Berkeley’s Cyber Risk Management Program is a holistic program to help Units manage cyber risk as well as compliance with IS-3, UC's systemwide electronic information security policy. 

Here you will find information and resources to help your Unit with its ongoing cyber risk management and annual IS-3 review.  

Jump to: Key Program Principles | Annual Review Process | Annual Theme

Security is a shared responsibility; everyone has a role. Focus on risk management; risk assessment is key. Units are responsible for managing their info security risk. Protection & Availability Levels inform risk level & controls.

Annual Review Process

Annual:
Socreg Review

Annual:
Update Unit Work Plan

As Scheduled:
Review Unit Self-Assessment 

All Units

All Units

Scheduled Units Only (revised schedule coming soon)

Annual, spring semester*
*NOTE: moved to October for 2025 due to other priority security initiative deadlines in the spring.

Annual, timing determined by Unit

Every 2-5 years (revised schedule coming soon)

Each year, Unit Information Security Leads (UISLs) will be asked to work with their Security Contacts and/or IT Client Services to confirm that their Unit’s information and registrations in Socreg are correct and current. UISLs will complete a simple attestation to confirm that this has happened.

As a Unit, determine what information security-related work or improvements to prioritize for the next year. 

  • An annual toolkit will be developed to help Units with this process

  • Units completing their self-assessment review will also have a customized report from the Information Security Office to help identify areas of focus.

Units will review and update their IS-3 self-assessment approximately every 2-5 years according to the projected schedule that will be posted above. 

Higher risk Units will complete this review more frequently than lower risk Units. Since risk level may change over time, the projected review schedule is also subject to change.

The Information Security Office will reach out to Units to help initiate and support this work.

Annual Theme

Each year, the Cyber Risk management Program will highlight a different IS-3-related risk area each year and provide tools and resources to help units with cybersecurity and compliance in that area.

The goal of each annual theme is to provide understandable and actionable tools, guidance, and resources to assist units in improving their security posture and increasing security awareness and compliance.

Visit the IS-3 Annual Themes webpage for current and past themes.

Logins

Isora unit self-assessment

Socreg

Getting Help

Email the Information Security Office IS-3 team at: is3@berkeley.edu

-or-

Contact IT Client Services (include "IS-3 Assistance" in the subject line)

Quick Links

Self-Assessment Cheat Sheets

Topics