
UC Berkeley's IS-3 Risk Assessment Journey.pdf

Uploaded by: 鲁** ID: 615439 2025-03-03 45 pages 3.36MB

Julie Goldstein
juliegberkeley.edu

UC Berkeley's IS-3 Risk Assessment Journey

Agenda
- Intro and Background
- Trip Report
- Preparing for the Journey
- The Journey
- Looking Forward to the Next Journey
- If time: Pit Stops, Detours, Twists, and Turns

Intro and Background

Intro
- Why did we embark on this journey?
- Update to IS-3 in late 2018
- Major update
- Lots of ripple effects to UC Berkeley's information security program and policies

IS-3 Foundational Elements
- Focus on risk management; risk assessment is key
- Unit Head and UISL roles and responsibilities
- Units are responsible for managing their own risk

Trip Report

Trip Report - By the Numbers
- 1 year 4.5 year 5.5 year project: 2019-Oct 2024
- 84 academic and administrative units
- Identified and met with every UH and UISL
- 95 unit self-assessments completed and reports issued
- Periodic Review: 36 self-assessments updated (round 2 (and 3))
- 100% completion rate for initial risk assessments; 97% completion for round 2 & 3 (all but one unit)

Trip Report - Risk Assessment Process
- Identify units in the cohort
- Unit Head Orientations; designation of UISL(s)
- UISL Kickoff Meetings: Project overview & tools demo
- UISLs coordinate completion of initial tasks (6-8 wks)
- Complete Unit Self-Assessment
- Review registrations and security metrics dashboards in campus asset registration system
- Risk reporting (6-8 wks)
- ISO issues Self-Assessment report/recommendations
- UISLs review Self-Assessment results with Unit Heads
- Unit Head acks recommendations via docusign
- Unit is "onboarded". Move to ongoing engagement, periodic review, focus on incremental improvement over time

Preparing for the Journey

Chartering the Project
- Formal project charter - initiated by CISO
- Established CISO support
- Vehicle for Executive support and sponsorship
- Executive buy-in and awareness at all levels
- Oh so many road shows!
- Chancellor's Cabinet, CIT, CAOs, IRGC, One-IT An

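This document describes the IS-3 risk assessment project at the University of California, Berkeley (UC Berkeley). The project aims to raise the level of information security management through risk management and is divided into four main phases: project initiation, preparation, implementation, and future development. In the initiation phase, a project team led by the CISO was formed, and the goals and responsibilities for carrying out risk assessments were defined. The preparation phase covered drafting the project charter, designing the risk assessment questionnaire, and selecting risk assessment tools. The implementation phase describes in detail how risk assessments were carried out, including identifying units, providing training for unit heads, completing self-assessment reports, and risk reporting. For the future development phase, plans for continued improvement and optimization of the project are proposed, such as annual risk assessments, periodic updates to risk assessments, and raising units' level of information security management. The project achieved notable results: all units completed a risk assessment, and high-risk units were assessed first. The project team also faced challenges such as scheduling problems and insufficient resources, but overcame them by continually adjusting and optimizing the project plan. In summary, the IS-3 risk assessment project has played an important role in improving information security management at UC Berkeley and will continue to support the campus going forward.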