Guideline

Data Access Agreement Guidelines

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance to assist with achieving requirement 15.4, Data Access Agreement.

Data Encryption in Transit Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance to assist with achieving the Data Encryption in Transit requirement.

Requirements

Resource Custodians and anyone moving covered data through a network must use secure, authenticated, and industry-accepted encryption mechanisms. 

IT Email Communications Best Practices

Email communication theory is largely different from email communication reality. If messages include phishy email characteristics, they can be skipped over and miss their intended audience. Plus, they cause concern for the reader who, instead of focusing on the message, focuses on the sanctity of the email.

Mass Email Communication Guideline

Mass email communications have a higher bar to clear in order not to get blocked by spam filters. Messages can miss the intended audience if they include phishy email characteristics. By following these rules you help ensure campus email recipients remain sensitized to characteristics that are typical of phishing messages and reduce the chance that your message gets blocked.  

Communicators should follow these basic guidelines to help prevent messages from being blocked:

Secure Coding Practice Guidelines

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for application software security requirements.

Administering Appropriate Use of Campus Computing and Network Services

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Incident Response Planning Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for incident response requirements.

Authenticated Scans Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for continuous vulnerability assessment and remediation.

Security Audit Logging Guideline

Requirement

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.

Description of Risk

Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.