Select Page

Computer & Information Security

Computer SecurityCyber Security is your ongoing responsibility.  The UC, UCLA, and SEASnet have standards and policies in place to understand our risk, detect problems, and mitigate them.  The umbrella policy covering all of this is UC’s revised and updated Electronic Information Security Policy (IS-3).

Understanding Risk
Knowing what’s at risk is an important part of cyber security.  We need to collect and report, to the UC, the risk levels of different types of Institutional Information and IT Resources.  See UCOP’s site for classification levels for guides and samples.  In short, there are Protection Levels and Availability Levels for both data and devices.  If you have data or devices that are a risk (as defined above) to you and/or the University, let us know.  We will also ask you regularly.  Regardless of Protection and Availability levels, having your machine on the network means that it can a risk because it can be used by malicious actors to get access to our networks and resources.

Detecting Problems
Knowing what is happening on the network and on devices helps to have a proactive posture to security.  The UC has a system-wide Threat Detection and Identification tool set.  UCLA and SEASnet use local tools to detect attacks and find vulnerabilities on our systems.  One such tool scans our networks regularly and provides reports with remediation guidance given.  Additionally, for University owned devices, FireEye endpoint security software is also required to serve as anti-malware with real-time threat detection and prevention.  Contact our Help Desk if your device qualifies for FireEye end point security software to be installed.  See the Detecting Problems page for more details.

Mitigating Problems
SEASnet gets notified of vulnerabilities, network traffic, malware, or other problems in various ways.  We are required to remediate/mitigate them.  When we notify you of a security incident, it is your responsibility to acknowledge, act, and respond within the time frame required.  Failure to take action will result in loss of network access, could expose the School and University to broader problems, and possible legal action.

—-

When you are requesting to connect your machine to the network, it is your responsibility to make sure that your machine complies with all relevant policies.  This includes:

If a compromised system holds personal data (e.g. Social Security number, credit card number, medical and/or health information), you must follow the procedure in UCLA Policy 420 to avoid violating California State Law.

SEASnet has provided the following guidelines for securing your machine. If you are unsure of any of these steps please contact the SEASnet Help Desk.