Shared Governance
What input do University faculty members have into the University’s cybersecurity approaches?
Academic Senate, Academic Personnel and other groups have input into the UC’s cybersecurity approaches. The Cyber Risk Governance Committee will examine significant updates or changes to existing cybersecurity practice and engage in early outreach to Academic Senate representatives to facilitate additional collaboration outside the formal process.
What is the Cyber Risk Governance Committee? Why weren’t faculty Senate representatives initially appointed to participate on the committee?
The Cyber-Risk Governance Committee (CRGC) is responsible for monitoring UC’s risk profile, overseeing investment strategies, and coordinating cybersecurity efforts across the system. Additionally, the CRGC ensures that UC’s work is informed by the latest research, subject matter expertise and best practices in the cybersecurity context.
The CRGC’s work is a component of a broader UC strategy to enhance UC’s cybersecurity efforts:
- Enhanced governance;
- Enhanced risk management through consistent detection, notification and remediation protocols for cybersecurity incidents;
- Adoption of modern technology including execution of a plan at each location to upgrade technology and share best practices;
- Hardened security environment through the sharing of information across the system, with an emphasis on best practices and security protocols; and
- Systemwide culture change including educating our employees, staff, and students, and creating clear escalation protocols.
A Senate-designated representative was appointed to the Cyber Risk Governance Committee from its inception. More recently, in response to faculty input, the University’s cyber risk governance structure has been reconstituted to assure more active engagement of the University Committee on Academic Computing and Communications with the CRGC and to add additional Senate representatives to the CRGC.
What is the Cyber Risk Advisory Board? Who makes nominations and appointments to the Board?
The Cyber-Risk Advisory Board is an advisory body composed of cybersecurity subject matter experts, from across the UC system and from outside it, who meet with the CRGC twice each year to provide information and advice about industry trends and best practices.
Advisory board appointments are made by the systemwide CIO, with input from the CREs and the Academic Senate, and are approved by the CRGC.
Current membership includes two outside experts (Health Information Sharing & Analysis Center (H-ISAC) and an industry consultant), and a representative from UC San Diego.
They are:
- Denise Anderson, President, Health Information Sharing & Analysis Center (H-ISAC)
- Rand Beers, former Deputy Assistant to the President and Deputy Homeland Security (DHS) Advisor and former Under Secretary for the National Protection and Programs Directorate at DHS
- Stefan Savage, Professor, Computer Science & Engineering, UC San Diego
What is the University administration doing to respond to faculty concerns about systemwide TDI deployment?
The University has restructured cyber risk governance at the system level to more effectively engage the Academic Senate. UC has provided extensive information concerning the initial activation of a TDI system following the UCLA cyber attack and described to Senate representatives the planned structure for ongoing services. UC has reiterated its commitment to continue to adhere not only to its obligations under laws and regulations that govern operations, but also to the requirements of the Electronic Communications Policy.