Unit Head
As a leader, you set the tone for making cybersecurity a priority in your organization. Your role includes overseeing the execution of UC’s Information Security Policy and making budget decisions that help ensure the right resources are in place to protect UC’s Institutional Information and IT Resources.
Your checklist includes the following steps:
- Set an example by following minimum security standards for basic cyber hygiene practices at UC. Make sure your Unit is managing cyber risk and compliance.
- Budget appropriately. Allocate sufficient budget to manage risks related to the operation of your Unit. If you’re concerned about having adequate budget to do so, connect with your Location Chief Information Security Officer (CISO) and Cyber-risk Responsible Executive (CRE).
- Delegate tactical responsibilities. Assign one or more team members to the role of Unit Information Security Lead. See Part IV: Roles and Responsibilities for more specifics on this role. Make sure responsibilities are clear and unambiguous. Make sure internal Service Providers and/or Suppliers clearly understand their responsibilities.
- Stay connected. Keep up with cybersecurity efforts by setting up regular touch-bases with your Unit Information Security Lead. Look for communications from your Location’s CRE and CISO.
- Ensure Risk Assessments and Risk Treatment Plans are up to date. Make sure you understand the risks related to your operations. Are you confident your Unit has adequately addressed cybersecurity risks? Can your Unit detect and recover from an attack?
- Report events. Any Security Events, non-compliance issues or cybersecurity concerns should be reported to the CISO. Make sure your Unit knows to notify you in the event of a suspected or confirmed security incident.
- Manage suppliers responsibly. If you work with external suppliers in any capacity, make sure they review UC's Information Security Policy and comply with all applicable requirements. See Section 15: Supplier Relationships in the policy for a list of specific tasks and considerations for external Suppliers.