Information Security Office
The Mission of the Information Security Office at UC Riverside is to enhance security and protect information for UC, UCR, and associated communities.
The UC Riverside Information Security Office’s vision is to support the University's mission by:
• providing the highest level of expertise.
• promoting and instilling a ubiquitous security-minded culture.
• designing, deploying, and managing resilient processes with a continuous improvement mindset.
To learn more about security guidelines and standards, please visit the University Knowledge Base.
Integrity – We hold that integrity is a necessity that centers on the idea that our actions are open and transparent and of the highest level of quality. We strive to foster trustworthiness between the ISO and those we work with.
Collaboration – We endeavor to build, support, and encourage collaboration across teams, Units at UC Riverside, and organizations outside of UC Riverside to address and solve complex problems.
Balance – We are sympathetic to the give and takes of life and work, and believe that keeping a stable and balanced view is a must for addressing both work issues and life.
Service – We believe that we are in service to UC Riverside and its related communities, and as such strive to be proactive, courteous, and deliver a high level of expertise.
Innovation – We recognize and embrace the need to be creative and innovative in our efforts to provide better solutions to address security risks and issues that threaten the UC and UC Riverside communities.
The team’s goal is to serve UC Riverside’s community by improving UC Riverside’s information security posture. This will help the community securely generate, advance, disseminate, and apply data and knowledge, as the community pursues the UC mission of teaching, research, and public service.
Who We Are
Identity and Access Management
The Identity and Access Management (IAM) team defines, implements, and manages the UC Riverside official identity lifecycle, enabling the campus to ensure that the right people have the right access and discreetly verify user identities when they log in and throughout the session. The team also manages the tools related to UC Riverside’s Single Sign-On technology which the campus can leverage to quickly enable access to resources and applications.
The core activities and services are IAM architecture, technology responsible for ID lifecycle management, aspects of the actual user identities management, the management process for the campus to take advantage of the SSO, multi-factor authentication through Duo (shared with SecOps), and IAM consultation.
Risk, Compliance, and Outreach
The Risk, Compliance, and Outreach (Risk) team implements risk management frameworks; designs risk assessment programs including threat awareness, vulnerability assessment, and impact evaluation as related to campus business drivers. They also develop information security awareness programs and artifacts for campus dissemination. Creates and maintains a portfolio of security awareness, training, and education for students, staff, faculty, and other community groups.
The core activities and services are security architecture, risk governance, vendor risk assessments, unit risk assessments, system risk assessments (pen-test light), vulnerability management, compliance (PCI, NDAA, CMMC, Audit Support, etc.), threat intelligence, awareness and training, security outreach (shared across the different teams), cyber-risk exception process, security policy, and risk information security consultation.
The Security Operations (SecOps) team establishes and performs formal security practices including event and incident monitoring, detection, response, recovery, and initiating forensic investigations. They also define and manage security systems portfolio to include administration and sustainment of IDS, IPS, firewall, and other security monitoring and detection appliances.
The core activities and services are security architecture operations, threat hunting, edge of network protection (shared with the infrastructure team), incident response, security log management, metrics program (shared across the entire ISO), and operational information security consultation.