Data Stewardship Council

UC Berkeley Data Security Resources

 

 

I.                   Determining restricted data (UC-wide)

a.       Data Management, Use, and Protection (DMUP) definition of restricted data http://datasteward.berkeley.edu/ 

b.      Campus Restricted Data List http://datasteward.berkeley.edu/RestrictedDataIntro.htm

c.       Data Proprietor Risk Assessment 

                                                               i.      Sensitivity and Criticality (See IS-3 Matrix and Check List) http://www.ucop.edu/ucophome/policies/bfb/is3.pdf

 

 

II.                Determining relationship to restricted data

a.       DMUP Roles & Responsibilities http://datasteward.berkeley.edu/DMUP.htm

                                                               i.      Administrative Official, Proprietor, Custodian, Integrator, User

b.      iNews article: Data Management, Use and Protection policy http://istpub.berkeley.edu:4201/bcc/Fall2004/dmup.html

 

 

III.             Security Requirements and Controls

                                                               i.      Establish Security Plan - http://security.berkeley.edu/MSRestricted.htm

                                                             ii.      Logical – Access controls, Firewalls, Software security patches, Encryption, etc.

                                                            iii.      Physical – Disaster Recovery, Physical Access, Theft, Damage, etc.

                                                           iv.      Managerial – Personnel authorization & authentication, Inventory, data dictionary, etc.

 

 

IV.              Evaluating Current Controls and Practices

a.       UCOP BFB IS-3(Business & Finance Bulletin) http://www.ucop.edu/ucophome/policies/bfb/is3.pdf

                                                               i.      Implementing Guidelines http://www.ucop.edu/ucophome/policies/bfb/is3guide.pdf

b.      Minimum Security Standards http://security.berkeley.edu/MinStds/

                                                               i.      Provisional Requirements for Restricted Data Plans http://security.berkeley.edu/MSRestricted.htm

c.       Campus Implementation of SB-1386 (Senate Bill) http://socrates.berkeley.edu:7015/protected.data.html

d.      DMUP Best Practices Appendix B http://datasteward.berkeley.edu/DMUP.htm#AppB

e.       Departmental Security Contact policy http://security.berkeley.edu/contacts.html

f.        Guidelines and Procedures for Blocking Network Access http://security.berkeley.edu/contacts.html

 

 

V.                 Resources, Tools and  Services

a.       Campus Security and You (Online training for all campus members)

http://security.berkeley.edu/tutorial/

b.      Computer and Data Security on Campus: A Tutorial for Users (White paper for faculty but useful to all campus members)

http://security.berkeley.edu/Documents/Security-WP.html

c.       Campus Restricted Data List http://datasteward.berkeley.edu/RestrictedDataIntro.htm

d.      Data Stewardship Council (DSC) Inventory Tool http://datasteward.berkeley.edu/

e.       Restricted Data Management Registry (RDM) http://rdm.berkeley.edu/

f.        System & Network Security (SNS) Database Standards for Restricted Data http://security.berkeley.edu/DbaseStanRestDatav32.htm

g.       SNS Host Security Bundle http://securitysig.berkeley.edu/presentations/20060525/HostSecurityBundle_AllisonHenry20060525.ppt

h.       UCB Security Special Interest Group (SIG) http://securitysig.berkeley.edu/

i.         Encryption Information for UC Berkeley https://webfiles.berkeley.edu/karl_grose/encryption/encryption-info.html

j.        System and Network Security http://security.berkeley.edu/

k.      Campus IT Policy http://cio.berkeley.edu/policies.html