IR&C - Information Security at the Office of the President

Information Security at the Office of the President

The Office of the President seeks to provide a secure technical environment that protects UC's information assets and minimizes disruption to business processes. All members of the UCOP community have obligations to assist in safeguarding electronic resources over which they have control.

Protect Information Assets

Secure Your Computer

Report Security Incidents

Protect Restricted Data

Unsafe Practices

UCOP Policies

Universitywide Policies

IR&C Security Initiative

Support Contacts

About This Site

Security Web Home

Security is Everyone's Responsibility

Associate Vice President - Information Resources and Communications directs information security planning at the Office of the President.

Each UCOP division head ensures that departments establish and follow information security plans.

Each UCOP department head has responsibility, delegated as appropriate within the department,

to ensure that employees in the department abide by the UCOP Guidelines for Protecting Information Assets;
to conduct
- a formal risk assessment of programs that are supported by comprehensive IT systems, and/or
- a security review of departmental IT supported administrative activities;
to establish an information security plan that

identifies the individual(s) responsible for security,
establishes procedures for reporting suspicion or detection of compromised computers,
implements controls to safeguard equipment and data,
ensures appropriate security education and training for all employees;

to conduct business continuity planning and contingency planning; and
to ensure employees receive security awareness training.

A checklist is available to assist departments in fulfilling their information security responsibilities.

Each UCOP employee who accesses and uses UCOP electronic information resources must be informed about applicable University information protection policies,

protect the electronic information resources under his or her control, such as using appropriate passwords and minimizing the exposure of sensitive data to unauthorized personnel (see Guidelines for Protecting Information Assets), and
report suspicion or detection of a compromised computer.

Each technical employee, such as those who design, manage, and operate electronic information resources, must:

implement security measures identified in the departmental information security plan,
be knowledgeable about information security requirements and guidelines relevant to the department, and
report suspicion or detection of compromised computers in accordance with the departmental information security plan.

Please submit your questions, comments, and suggestions at feedback.html