{"id":567,"date":"2022-10-19T18:35:29","date_gmt":"2022-10-20T01:35:29","guid":{"rendered":"https:\/\/sites.oit.uci.edu\/infosec\/?page_id=567"},"modified":"2025-12-19T17:53:18","modified_gmt":"2025-12-20T01:53:18","slug":"program","status":"publish","type":"page","link":"https:\/\/www.security.uci.edu\/program\/","title":{"rendered":"UCI Information Security Management Program"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.18.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221;][et_pb_column _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; type=&#8221;4_4&#8243;][et_pb_button button_text=&#8221;View UCI Campus ISMP Document&#8221; _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; button_url=&#8221;https:\/\/ucirvine.sharepoint.com\/:b:\/s\/OIT-Security-Team\/IQAM91yGaqenT5hPLnV-gkWCAfJZFh51yiTZkXK36RpQCp0?e=RuFbPC&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243; button_alignment=&#8221;center&#8221;][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.18.0&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; sticky_enabled=&#8221;0&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.18.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.23.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;]The <strong>mission<\/strong> of the information security management program is to ensure the <em>confidentiality<\/em>, <em>integrity<\/em>, and <em>availability<\/em> of institutional information and IT resources at UC Irvine.<\/p>\n<p>The University campus is a <strong>unique environment<\/strong> to secure. Balancing the need to protect high risk information, important research, and critical infrastructure, in an open environment the size of a small city, while maintaining academic freedom and autonomy privacy.<\/p>\n<p>To achieve the mission, we recognize that information security is a <strong>shared responsibility<\/strong>. Every member of the University has a unique <a href=\"roles\/\">role and responsibility<\/a>. Leading this effort, the <a href=\"..\/team\/\">CISO<\/a> works with <a href=\"..\/uisl\/\">Units<\/a> across campus to reduce cybersecurity risk.<\/p>\n<p>The UC Irvine program aligns with University of California system-wide information security <a href=\"policy\/\">policies &amp; standards<\/a> as well as localized specific standards and augmented policies. The program takes a <strong>risk-based approach<\/strong>, starting with asset <a href=\"classification\/\">classification<\/a>, then <a href=\"risk-assessment\/\">risk assessment<\/a>, and finally prioritized remediation or <a href=\"exception\/\">exception acceptance<\/a>. An <a href=\"incident-response\/\">incident response<\/a> process is also defined to properly handle potential security incidents when they occur.<\/p>\n<p><a href=\"..\/uisl\/\">Units<\/a> are <strong>accountable<\/strong> for implementing information security and it should be embedded into the <strong>entire lifecycle <\/strong>where decision-making rights corresond to <strong>risk level<\/strong>.<\/p>\n<p>Drivers that influence the <strong>strategic direction<\/strong> and prioritization of the program include:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>UCI specific trends and issues (local risk assessments, audits, incidents in aggregate)<\/li>\n<li>UC system-wide policy, initiatives, audits<\/li>\n<li>Compliance (PCI, CJIS, HIPAA, Research, etc)<\/li>\n<li>Industry Trends<\/li>\n<li>3rd Party Assessments<\/li>\n<li>Cyber Insurance requirements<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>The overall <strong>maturity<\/strong> of the program is measured using the <a href=\"https:\/\/www.nist.gov\/cyberframework\">NIST Cybersecurity Framework<\/a>, audits, 3rd party and self-assessments, and operational metrics.<\/p>\n<p><strong>Governance<\/strong> of the program is covered by:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"..\/ispc\/\">Information Security &amp; Privacy Committee (ISPC)<\/a><\/li>\n<li><a href=\"https:\/\/www.compliance.uci.edu\/committees.php\">Campus Ethics &amp; Compliance Risk Committee (CECRC)<\/a><\/li>\n<li>CISO\/CRE\/CIO security meetings, CISO\/UISL security meetings, and CISO\/OIT leadership meetings<\/li>\n<li><a href=\"https:\/\/security.ucop.edu\/resources\/infosec-council.html\">UC Information Security Council (ISC)<\/a><\/li>\n<li>Periodic touchpoints with \u00a0<a href=\"https:\/\/senate.uci.edu\/committees\/councils\/council-on-research-computing-and-libraries-corcl\/\">Council on Research, Computing, and Libraries (CORCL)<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The mission of the information security management program is to ensure the confidentiality, integrity, and availability of institutional information and IT resources at UC Irvine. The University campus is a unique environment to secure. Balancing the need to protect high risk information, important research, and critical infrastructure, in an open environment the size of a [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<!-- wp:divi\/placeholder \/-->","_et_gb_content_width":"","_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"class_list":["post-567","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/pages\/567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/comments?post=567"}],"version-history":[{"count":11,"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/pages\/567\/revisions"}],"predecessor-version":[{"id":3018,"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/pages\/567\/revisions\/3018"}],"wp:attachment":[{"href":"https:\/\/www.security.uci.edu\/wp-json\/wp\/v2\/media?parent=567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}