MIMS Final Project 2008
IT Security for Berkeley Academic Resources (IT’S a BeAR!)
Advisor:
Eric Kansa
The regulatory regime covering information handling at a major research
university such as UC Berkeley is varied and complex. There are many
laws, regulations, and policies that impose IT security management
requirements on organizations which store and process personal,
financial, and other types of sensitive data. Institutions that are not
in compliance face the loss of funding and other penalties.
A number of University-wide policies and campus-wide policies describe how the university community is to comply with individual parts of the regulatory regime, but it is not necessarily clear what concrete steps should be taken to ensure compliance as a whole. We are designing a mechanism to help members of the campus community determine the set of specific security controls they need to implement based on the nature of the information they are trying to protect.
A number of University-wide policies and campus-wide policies describe how the university community is to comply with individual parts of the regulatory regime, but it is not necessarily clear what concrete steps should be taken to ensure compliance as a whole. We are designing a mechanism to help members of the campus community determine the set of specific security controls they need to implement based on the nature of the information they are trying to protect.
