Provisional Requirements for Restricted Data Security Plans

From: Karen Eft <kareneft_at_berkeley.edu>
Date: Mon Dec 13 2004 - 17:19:06 PST

Dear Colleagues:

Berkeley Campus administrative officials are responsible for ensuring
that comprehensive written security plans to protect "restricted
data" are in place. The recently-issued Provisional Data Management,
Use, and Protection Policy (DMUP) covers related information, such as
how "restricted data" is to be identified and by whom:
http://dataintegration.vcbf.berkeley.edu/ .

To help ensure security concerns are adequately addressed, staff from
the Campus Information Security Committee (CISC) and the Data
Stewardship Council (DSC) have drafted "Requirements for Restricted
Data Security Plans". These requirements are being added, as
Appendix C, to the Campus Policy on "Minimum Security Standards for
Networked Devices."

Depending on the type of restricted data and the way in which it is
processed, a wide variety of possible security measures could be
appropriate. Therefore, the new requirements comprise an outline of
"points to be addressed" in security plans, for the most part, rather
than specific technical configurations. The current version was
approved by the E-Berkeley Steering Committee, on a provisional
basis, pending review and input from appropriate campus individuals
and groups.

The drafting group is still working on some accompanying aids such as
sample plans and implementing instructions, but these are not yet
ready. However, given the vulnerability of restricted data on
Campus, we are escalating the pace of implementation by asking for
feedback on the document itself at this point in time. (Offers of
existing material from your areas on campus will be gratefully
accepted for possible use in creating generic supplementary material.)

The Campus Information Security Committee (CISC) asks that you review
the "Provisional Requirements" at:
http://security.berkeley.edu/MSRestricted.htm and send any feedback
on this document to: security-policy@berkeley.edu . Your comments
will be appreciated. We anticipate that a robustly-evaluated version
of these requirements will become official policy during early 2005.

Thank you for your time in consideration of this document,
Karen Eft

-- 
=========================================================
  Karen E. Eft   Information Technology Policy Manager
  UC Berkeley (510)642-4095 http://itpolicy.berkeley.edu
=========================================================
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Mon Dec 13 17:21:44 2004
