To: UCOP Community
From: Kristine Hafner, Associate Vice President, Information Resources and Communications
I am writing to provide an update on information security at UCOP, including news about two important information technology policies for UCOP: An update of the Electronic Information Security Policy, and establishment of the Windows Password Policy.
Progress Report on the UCOP Security Initiative
IR&C; has worked with other departments over the past year to establish
a more secure computing environment for UCOP. Most notably, we installed
a common desktop "image" or software configuration on all UCOP desktop
and laptop computers. This enables us to address security vulnerabilities,
such as viruses and spam, and to automatically install software updates.
We are pleased to report that these steps, in conjunction with recent
network upgrades-and your compliance with policy-have
resulted in a significant decrease in incidents of unauthorized access
to our computers and servers. Thank you for your contributions.
Electronic Information Security Policy. This policy was updated recently with the addition of a section describing departmental responsibilities for protecting sensitive information. New language reads that "UCOP departments should implement procedures and practices that ensure, to the extent possible, the confidentiality, integrity, and availability of the University's information assets, as well as the protection of sensitive data, such as Social Security numbers, personal financial data, health information, and student educational records."
Departmental responsibilities include assigning an individual responsibility for the department's electronic information security, conducting an inventory of sensitive information held by the department, and developing procedures for protecting information and lessening risk. The policy is available on the Web at http://www.ucop.edu/irc/policy/ucop/opsecpolicy.html.
Windows Password Policy. We have issued a new policy that defines password requirements for the UCOP Windows environment, meaning the password you use to log onto your computer or to access Web e-mail. In short, the password must be a minimum of 8 letters, complex, and changed every 180 days. The policy is online at http://www.ucop.edu/irc/policy/passwordpol.html and provides guidance on creating a "complex" password. Information about managing your password is included in Frequently Asked Questions: http://www.ucop.edu/irc/services/passwordfaq.html
Additional Information
All UCOP IT policies may be found at http://www.ucop.edu/irc/policy/ucop/ucopitpolicies.html.
The UCOP information security Web site at http://www.ucop.edu/irc/itsec/
provides important guidance about playing your part to protect personal
and confidential information.
