Julie Goldstein
julieg@berkeley.edu

UC Berkeley's IS-3 Risk Assessment Journey

Agenda
- Intro and Background
- Trip Report
- Preparing for the Journey
- The Journey
- Looking Forward to the Next Journey
- If time: Pit Stops, Detours, Twists, and Turns

Intro and Background

Intro
- Why did we embark on this journey?
- Update to IS-3 in late 2018
- Major update
- Lots of ripple effects to UC Berkeley's information security program and policies

IS-3 Foundational Elements
- Focus on risk management; risk assessment is key
- Unit Head and UISL roles and responsibilities
- Units are responsible for managing their own risk

Trip Report

Trip Report - By the Numbers
- 1 year 4.5 year 5.5 year project: 2019 - Oct 2024
- 84 academic and administrative units
- Identified and met with every UH and UISL
- 95 unit self-assessments completed and reports issued
- Periodic Review: 36 self-assessments updated (round 2 (and 3))
- 100% completion rate for initial risk assessments; 97% completion for round 2 & 3 (all but one unit)

Trip Report - Risk Assessment Process
- Identify units in the cohort
- Unit Head Orientations; designation of UISL(s)
- UISL Kickoff Meetings: Project overview & tools demo
- UISLs coordinate completion of initial tasks (6-8 wks)
- Complete Unit Self-Assessment
- Review registrations and security metrics dashboards in campus asset registration system
- Risk reporting (6-8 wks)
- ISO issues Self-Assessment report/recommendations
- UISLs review Self-Assessment results with Unit Heads
- Unit Head acks recommendations via docusign
- Unit is "onboarded". Move to ongoing engagement, periodic review, focus on incremental improvement over time

Preparing for the Journey

Chartering the Project
- Formal project charter - initiated by CISO
- Established CISO support
- Vehicle for Executive support and sponsorship
- Executive buy-in and awareness at all levels
- Oh so many road shows!
- Chancellor's Cabinet, CIT, CAOs, IRGC, One-IT An