October 20, 2015

TO: Campus Community
FR: Matthew Hall, Associate Vice Chancellor and Chief Information Officer
RE: Campus Cyber-Risk

Last spring, as was widely reported in the media, UCLA Health was the victim of a criminal cyber attack. Universities everywhere are increasingly concerned about protecting sensitive and private data, including financial, private, research, and other data generated from student life, teaching, and research missions. Cyber threats impact our personal technology and information security, and concern each of us.

President Napolitano recently asked all UC campuses to promote a more secure environment by establishing campus Cyber-Risk Management Plans. This effort involves the active participation of campus leaders and stakeholders to assure a comprehensive understanding of our risks. An effective strategy for managing these risks will emerge out of that understanding. This process enables us to collaborate UC-wide to identify and implement data and information systems safeguards that will benefit all of our campuses.

Each campus designated a Cyber-Risk Responsible Executive to coordinate relevant risk assessments, serve as lead representative in UC-wide cyber risk management planning, and lead the development of the campus Cyber-Risk Management Plan. At UCSB, the Chief Information Officer is designated to serve in this role for our campus. I look forward to engaging the entire campus in this important initiative in the weeks and months ahead. Further communications will follow.

The UC Office of the President now requires all UC employees on payroll with active status, regardless of previous training taken, to complete a new Cyber Security Awareness Training course. The course must be completed by January 31st, 2016, or within 6 weeks for any subsequent new hires, and will be required annually. More information about this training initiative will follow shortly.

Lastly, since October is Cyber Security Awareness Month, I encourage you to learn more about keeping your information and systems safe.