Conducting a Preliminary Risk Analysis and Creating an IT Security Group and Policy

"It is our sense that the major security problem for the Campus is the absence of a Campus security policy and a coordinated plan. The absence of such a plan contributes to an environment that is vulnerable to attack, and includes the risk that security issues may be handled inadequately and in piecemeal fashion. Additionally, potential threats which could affect a large number of users are often unknown to those who could take steps to protect themselves." 1994 IST Security Task Force Report—Assets and Threats After an unsuccessful attempt in 1994 to develop an IT security strategy, then associate vice chancellor of Information Systems and Technology (IST) and current CIO Jack McCredie asked me to put together the Information Technology Architecture Task Force (ITATF) Security Working Group and develop a strategy for addressing the main IT security risks at Berkeley. McCredie's backing of this initiative was key to overcoming resistance from IT managers and upper management.