Developing a Comprehensive Security Policy and Risk-Management Strategy for a Public Research University

Wednesday, May 03 | 10:20AM–11:20AM | Spruce, Second Floor
Session Type: Breakout Session
Delivery Format: Concurrent Session
Developing a solid policy and risk-management framework requires collaboration and must include faculty in governance. What does it take to develop a flexible policy? What are the features needed to scale and serve a distributed, diverse, open research university? We will touch on governance, policy and standard elements that serve as the foundation of UC’s program. This presentation will include discussion of ISO-27001/27002, NIST-800-171 controlled unclassified information (CUI), and the NIST Cybersecurity Framework (CSF) as essential pillars in building an approach to security policy. This is a topic-specific/intermediate-level session.

Outcomes:

  • Gain insights related to project management on a large policy project
  • Learn about policy development processes and policy features
  • Understand how to apply external frameworks to higher education


  • Robert Smith

    Systemwide IT Policy Director, Security Director, University of California, Office of the President