IT Security Program
The UCSB IT Security Program is coordinated by Chief Information Security Officer under the auspices of the Office of Information Systems and Technology. The program encompasses a broad range of security services, initiatives, and guidelines maintained by providers across the campus, with the goal of protecting the information we use and exchange in conformance with campus and UC system-wide policies, as well as state and federal regulations.
Information Security Breach: If you suspect that restricted information has been compromised, contact email@example.com.
UCSB Chief Information Security Officer Karl Heins presented a campus information security plan to the Information Technology Planning Group (ITPG) at its October meeting. Based on audit recommendations, the plan covers risk assessment and asset inventory, incident management, business recovery planning, network security, financial system security, and related areas. Both existing controls and plans for security improvements in 2012 are documented.
After thorough testing of available "Sensitive Data Scanners", the OIT found that Cornell's Spider was the best available free tool. However, individual departments are free (presuming compliance with their own internal policies) to use whatever tool they wish.
Spider is not officially supported by OIT, but we will be willing to help users to a reasonable extent with any technical issues encountered.
Securely (Permanently) Deleting Data
UCSB faculty and staff who work with any form of restricted data need to be cautious even when deleting files from their computer workstations. Generally speaking, the recycle or trash bins provided by most standard operating systems do not completely remove a file when they are emptied. As a result, simply moving a file to the trash or recycle bin is not sufficient for deleting the restricted data. Use the resources on this page to ensure restricted data is properly disposed of.
The University of California has purchased an insurance policy to help defray the costs associated with incidents where the security of an information system has been breached. To be covered by this new policy, specific security requirements must be met before and at the time of the breach.