Unit Information Security Lead (UISL)

Getting Started

1. 1. Read through UCI ISS and UC IS-3 policy and standards.
   2. Familiarize yourself with the UISL role description.
   3. At UCI we split the UISL role between an Administrative UISL and Technical UISL, who represent security leadership for the business operations and IT operations, respectively. While it is ultimately up to the Unit Head how to assign responsibilities within their Unit, a suggested breakdown of responsibilities between the two is UISL Responsibilities RACI.

The Basics

1. 1. Act as the Unit’s central contact regarding information security.
   2. Have regular communications (at least quarterly) with the Unit Head, both to keep them informed of the current security risk posture of the Unit, and also any resource or prioritization needs to ensure you can succeed in the UISL role.  Ensure there is an active dialogue between Unit Head and UISLs.  Also periodically submit a Unit Security Progress Report on behalf of the Unit to CISO and CRE.
   3. Actively participate in all campus-wide security activities such as meetings, alerts, and requests from the CISO.
   4. Ensure that any potential security incidents are reported to the CISO and Unit leadership.

First Initiatives

1. 1. Complete Unit Information Security Management Plan (ISMP).
   2. Complete Unit Protected Data & Systems Inventory.
   3. Document Unit process for tracking, remediating, and communicating risk related to vulnerabilities.
   4. Document Unit approach to ensuring minimum security standards.

Resources

• • UCI Information Security Management Program
  • Current Unit Leadership
  • Information Security Services
  • OIT Security Risk and Compliance Service Request
    • (Consulting for ISMP, PDSI, IS-3, etc; Unit draft reviews; Facilitated Risk Assessments)
  • OneTrust Tool
  • Supplier Security Reviews
  • UC ITPS Group
  • UISL Mailing List
  • UISL Reports