Proposal for Enhancing UC Davis IT Security Bob Ono, IT Security Coordinator

1. Proposal for Enhancing UC Davis IT Security Bob Ono, IT Security Coordinator Campus Council for IT May 14, 2012

2. Eight security program components • Web application vulnerabilities • Personal identity information • Campus vulnerability scanning • VLAN firewalls • System integrity monitoring and reporting • Incident response plans • Enterprise remote services • Anti-virus/malware software licensing

3. Security program planning • January: Provost charge to ECRC privacy and security subcommittee • March/April: Draft proposal shared with CCFIT, Deans’ offices and academic and administrative technical units • May: Ethics and Compliance Risk Privacy and Security Subcommittee prepares final draft recommendations • June: Final draft recommendations shared with campus community (COO/DTC/TIF/CCFIT Steering) • July: Final recommendations presented to Provost and ECRC

4. Security program references • Central IT security program: http://security.ucdavis.edu • SEE ALSO: • Deans’ Technology Council notes • http://dtc.ucdavis.edu/minutes • Technology Infrastructure Forum notes • http://tif.ucdavis.edu/meetings.html • UC Davis Cyber-safety Policy (PPM 310-022) • http://manuals.ucdavis.edu/PPM/310/310-22.pdf • UC information security policy (BFB IS-3) • http://www.ucop.edu/ucophome/policies/bfb/is3.pdf