Information Technology Policy and Security Community of Interest
The UC Information Technology Policy and Security (ITPS) group is a community supported by the Systemwide CISO’s office. This systemwide group is open to all UC information security professionals, all UC Workforce members who have information security as a portion of their job responsibilities and anyone at UC who is interested in cybersecurity.
ITPS focuses on sharing information related to cyber security programs, case studies, risk management, initiatives, threat briefings and training. For 10 months of the year, the group meets on the second Wednesday of the month from 9:00 - 10 am. Attending the monthly calls is a good way to stay informed on UC initiatives and to hear case studies from peers throughout UC.
Get Involved
The ITPS Listserv is an active community where members exchange ideas and ask questions. To join the listserv or inquire about speaking at an ITPS meeting or suggest a topic, please contact Wendy Rager, Cyber-risk Coordination Center Manager. Your involvement will contribute to the vibrant discussions in our community!
ITPS Calendar 2025
Scientific research has traditionally been carried out in an environment of openness. However, various concerns have led to increased regulations aimed at securing research data recently. Cybersecurity requirements increasingly find their way into requests for external data, grants, contracts, and data use agreements. This resulted in a need for IT Subject Matter Expert review of cybersecurity clauses in sponsored project awards.
UCSF developed a new Standard Operating Procedure, a joint effort between the School of Medicine Cybersecurity Team and the Office of Sponsored Research. After a review of the award acceptance process, it was determined that responsibility lies with Contracts and Grants Officers to identify award terms such as the DFAR 252.204-2017 and FAR 52.204-21 clauses, NIST and FISMA requirements, NIH Genomic Controlled-Access Data Repositories, and other terms in awards that require heightened IT security for the project data. The new SOP details the communication channel between the C&G Officer and the Cybersecurity Team when these clauses are present, and it has also triggered new fields and questions being added to our internal proposal and award systems, which allow for reporting and to confirm compliance. We have found that following this process over the last year has resulted in a more organized, comprehensive review process for ensuring that project data is appropriately handled per the award’s requirements.
Although this process currently relies on manual review by C&G Officers, we hope we will soon be able to use AI to review awards for these clauses. We are also working on developing stronger guidance for budgeting for IT security costs at the proposal stage.
In partnership with the entire campus community, the Information Security Office at UC Berkeley completed a 4.5-year initiative to integrate all central IT, academic and administrative units into the campus IS-3 cyber risk management program. This presentation will introduce the program and share the latest updates.
Description: Artificial intelligence (AI) is rapidly changing the cybersecurity landscape. This session dives into the dual nature of AI, examining its use in both offensive (red team) and defensive (blue team) strategies. We'll demonstrate real-world examples of AI weaponization by attackers and explore how AI-powered tools are fortifying defenses. Following the demonstration, Mandiant will host a Q&A session for participants.
Outcomes: After this session, attendees will be able to:
• Identify how AI is being used in the latest cyber threats.
• Understand the benefits of integrating AI into their security defenses.
• Enhance their threat detection and incident response capabilities using AI-powered tools and techniques.