Print this Section Only-PDF Version
Responsibilities and activities involving security fall into two categories, campus security and security of electronic information resources.
Campus Security: The University of California Police Department (http://public-safety.berkeley.edu/police/) provides high-quality, professional crime prevention, protection, and law enforcement services to maintain and promote human safety and the security of property for the campus and its associated locations. The department handles all patrol, investigation, crime prevention education, emergency preparedness, and related law enforcement duties for the campus community and operates 24 hours a day, seven days a week.
The Alarms and Access Control Office (http://public-safety.berkeley.edu/police/coes/ucpdcoes.html), within the UC Police Department’s Community Outreach and Emergency Services Division, has the responsibility for operational and system management of the campus's alarm, access control, and video systems. In addition, the program manager assists departments with the planning and implementation of new security systems on the campus. Campus access policy and departmental e-mail addresses can be found at http://public-safety.berkeley.edu/police/coes/accesscontrol.html.
The Chief of Police, acting as the Access Control Director, is responsible for approving all new access control systems and modifications to existing systems. In addition, the Chief of Police oversees audits of campus departments and units to determine the level of adherence to the access control policy. Physical Plant – Campus Services Key Control Manager (http://physicalplant.berkeley.edu/Pages/support.html) is responsible for creating a mechanical keying system that ensures security and convenience to departments occupying buildings or facilities, and for coordinating new systems. Administrative officials are responsible for overseeing the process of controlling department keys and maintaining records of access control activities. Procedures for replacing lost keys can be accessed at http://public-safety.berkeley.edu/police/coes/keyreqproceed.html.
The UC Police Department has a web site with web links covering all facets of physical security issues including safety programs and services, prevention strategies, UC Berkeley policies, crime statistics, and instructions on how to report a crime. It can be accessed at http://public-safety.berkeley.edu/police/safetycounts/.
Electronic Information Resources Security: UC Berkeley's electronic information resources (EIR), including data, applications, systems, hardware, networks, and software, are valuable assets which each member of the campus community has responsibility for protecting. Threats to these assets include insufficient access protection, inappropriate use by insiders, malicious activity by outsiders, and natural disasters. EIR security responsibilities may range in scope from coordinating the security plan for the campus, or a large information processing system, to the simple requirement that a user must protect the confidentiality of his or her own password.
UC Berkeley's Chief Information Officer (http://cio.berkeley.edu/) has overall coordination responsibility for campus compliance with University security policies and guidelines, including Business & Finance Bulletin IS-3, Electronic Information Security. These policies and guidelines can be accessed at (http://socrates.berkeley.edu:2002/pols.html).
The System and Network Security Office (http://socrates.berkeley.edu:2002/) is responsible for working with the campus community to protect the computer and network infrastructure from electronic attack. Security incidents should be reported by sending an e-mail communication to security@berkeley.edu.
The Campus Information Security Committee (http://socrates.berkeley.edu:2002/CISC/) reports to the E-Berkeley Steering Committee. The committee is responsible for developing campuswide strategy in the area of EIR security, and for developing and reviewing campuswide EIR security policy and procedures.
All administrative officials, as users of electronic information resources, are responsible for complying with UC Berkeley policies, procedures and standards relating to EIR security (http://socrates.berkeley.edu:2002/pols.html). They are also responsible for securing their own workstation from unauthorized use, and for not sharing passwords. Administrative officials who are authorized to obtain data from protected systems are responsible for adequately protecting the data after it is downloaded to their own location.
Campus departments have different responsibilities for EIR security depending on their relationship (role) with the resources.
Administrative officials in EIR Proprietor (functional owner) departments have the responsibility for specifying the uses for a departmentally owned server; establishing the functional requirements during the development of a new application; and maintaining existing applications. The functional owner is responsible for determining the level of security required for access controls, and the method for providing business continuity in case of disaster. The Proprietor is also responsible for specifying adequate data retention requirements.
An EIR Custodian (service provider) has physical or logical control over a functional owner's resource. Administrative officials in custodial departments are responsible for implementing security measures in accordance with the level of access security identified by the functional owner, ensuring that data retention requirements are met, and overseeing the process of recovering from a disaster. This role includes central departments with maintenance responsibility for an application, departmental system administrators of a local area network, and the database administrator for a campuswide database.
All administrative officials are responsible for ensuring that EIR users in their jurisdiction:
Departmental Security Contacts, appointed by department heads, are responsible for responding to security incident reports from the System and Network Security Office (http://socrates.berkeley.edu:2002/). They are responsible for ensuring that appropriate personnel take action in response to each security incident. Only in cases where the incident poses a potentially serious threat to the campus or the Internet will the System and Network Security Office immediately block network access. Departmental Security Contact Policy can be accessed at http://socrates.berkeley.edu:2002/contacts.html.