Information Technology Policy and Security Community of Interest
The UC Information Technology Policy and Security (ITPS) group is a community supported by the Systemwide CISO’s office. This systemwide group is open to all UC information security professionals, all UC Workforce members who have information security as a portion of their job responsibilities and anyone at UC who is interested in cybersecurity.
ITPS focuses on sharing information related to cybersecurity programs, case studies, risk management, initiatives, threat briefings and training. For 10 months of the year, the group meets on the second Wednesday of the month from 9:00 to 10:00 am. Attending the monthly calls is a good way to stay informed on UC initiatives and to hear case studies from peers throughout UC.
Get Involved
The ITPS Listserv is an active community where members exchange ideas and ask questions. To join the listserv, inquire about speaking at an ITPS meeting, or suggest a topic, please contact Wendy Rager, Cyber-risk Coordination Center Manager. Your involvement will contribute to the vibrant discussions in our community!
ITPS Calendar 2024
SOCK serves as a pivotal asset management and security notification platform at UC Berkeley. Developed in-house by the university’s Information Security Office, SOCK is designed to streamline the alignment of security operations with comprehensive IT policies and regulations. By facilitating the centralized registration, management, and monitoring of IT resources, SOCK empowers Berkeley's departments and security contacts to maintain a robust security posture.
Moreover, SOCK integrates seamlessly with Berkeley's policy framework, enabling the university to swiftly adapt to evolving security landscapes. It acts as a bridge between policy mandates and operational practices, ensuring that asset management and security notifications are not just reactive but proactive measures of defense. Through real-time alerts and a comprehensive overview of the institution's digital assets, SOCK enhances the ability of UC Berkeley to enforce policy adherence, mitigate risks, and safeguard its vast informational assets against potential threats.
A presentation on logging and monitoring approaches for compliance, cybersecurity and quality IT operations with business-focused cost efficiencies in mind. The presentation will discuss logging and monitoring concepts and approaches within academic and health care environments. Also covered will be the shared goals of compliance, cybersecurity and quality IT operations while overlaying IS-3 policy, regulatory requirements, and cybersecurity best practice to help teams shape and mature logging and monitoring architectures and practice.
The digital landscape is changing - big time. It’s increasingly recognized that an “aware” workforce isn’t enough. In this engaging talk we’ll explore how technological developments such as AI, changes in the regulatory landscape, and the evolution of industry standards and frameworks are all combining to fundamentally transform the field that used to be called “security awareness.” Oz Alashe, MBE, an industry expert in Human Risk Management and CEO of CybSafe, will discuss how science, research, and data analytics have changed the way human risk is managed and what this means for trust, security, and risk professionals in 2024 and beyond.
Privacy, AI and Education Updates:
- Definitions and review of concepts
- Risk identification; AI risks to individuals
- UC Responsible AI principles
- A few privacy considerations
- Privacy in AI Governance; other stakeholders
- Privacy education update
Speakers from across the system presented a variety of updates:
- Hoyt Sze – UC Legal
- Gary Leonard – Risk Services
- Al Lavassani / Jenny Lofthus – Privacy, Compliance
- Greg Loge – Cyber audit services
- Roshni Pratap – IT Strategic Sourcing / Procurement Services
“Modern healthcare is hyperconnected-technology-dependent healthcare.” Dr. Dameff shares five key takeaways from his experiences and research into the intersection of healthcare and cyberattacks, providing real-world examples of impacts on patient care.
The presentation will highlight the role of the Privacy Program and how it integrates with legal compliance, information security, AI ethics, risk management, and training disciplines to enhance data protection.
UCLA Health launched an initiative to address cyber debt by blocking non-standard remote access tools and encrypted tunnel applications to medical devices. The team focused on the user experience and a series of communications to build an understanding and reach their goal of removing remote access tools in a timely manner, even receiving accolades from their users.