Guideline

IT Email Communications Best Practices

Email communication theory is largely different from email communication reality. If messages include phishy email characteristics they can be skipped over and miss their intended audience. Plus, they cause concern for the reader who, instead of focusing on the message, focuses on the sanctity of the email.

Mass Email Communication Guideline

Mass email communications have a higher bar to clear in order not to get blocked by spam filters. Messages can miss the intended audience if they include phishy email characteristics. By following these rules you help ensure campus email recipients remain sensitized to characteristics that are typical of phishing messages and reduce the chance that your message gets blocked.  

Communicators should follow these basic guidelines to help messages from being blocked:  

Secure Coding Practice Guidelines

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for application software security requirements.

Administering Appropriate Use of Campus Computing and Network Services

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Incident Response Planning Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for incident response requirements.

Authenticated Scans Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for continuous vulnerability assessment and remediation.

Security Audit Logging Guideline

Requirement

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.

Description of Risk

Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.

Guidelines for Use of Campus Network Data Reports

Campus network data reports may be sent to campus departments by Network Operations and Services (NOS) or the Information Security Office (ISO), either because operational or security issues have been observed, or when otherwise requested by the departments. This access is given on the condition that the use of the data must respect all governing laws and policies. In particular, its use must comply with the University's firmly-held principles of academic freedom and shared governance, freedom of speech, and privacy, within the context of the University's legal and other obligations.

Security Audit Log Analysis Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for audit logging requirements.

Requirement

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.