Cyber-Risk Governance
UC’s president has directed the University’s ten Chancellors, the Director of the Lawrence Berkeley National Laboratory, and Vice President of the Division of Agriculture and Natural Resources (ANR) to appoint a single executive who will coordinate and be responsible for efforts to strengthen cybersecurity at that executive’s respective location. For purposes of these responsibilities, the executive must directly report to the Chancellor, Director, or Vice President of ANR and is subject to the supervision of the Chancellor, Director, or Vice President of ANR. In addition, the President’s directive lists certain responsibilities that will be assumed by the appointed executive. These executives are the called “Cyber-risk Responsible Executives or CREs.
UC executive leadership and the CREs are joined by faculty representatives and outside advisors to form UC’s Cyber-risk Governance Committee or CRGC. The group meets quarterly, and outside advisors join two of the four meetings each year.
The pervasiveness and evolving nature of cyber threats requires a risk-based approach to cybersecurity, which allows CRGC to develop an effective management approach and prepare for overall security needs.