According to the 2023 IBM Cost of a Data Breach Report, the average cost of a data breach in 2023 was $4.45M. This is one reason companies and organizations perform regular security risk assessments, which typically involve identifying, assessing, and implementing key security controls.
Combating breaches across UC
Bad actors focusing on software breaches with suppliers are on the rise everywhere. That means that they have the capability to inflict widespread harm that impacts both the main target and their customers.
UC Office of the President has addressed the increased risk of data breaches by creating a new centralized unit within Cyber-risk Coordination Center (C3) to assess location and third-party supplier risk. This unit will reduce redundancies in current processes and improve executive visibility.
This is where Damian Luna comes in. Luna joined C3 in December 2023 and has been using his years of experience as a cyber risk advisor to develop the team that will be performing these risk assessments.
Building a new team focused on collaboration
Originally from California, Luna grew up in Orange County and attended college in Bay Area, where he resides today with his wife and daughter. When he’s not at work, he enjoys the outdoors and playing music. In fact, during the pandemic, Luna built his own electric guitar.
With more than 19 years of experience in the technology industry, Luna has spent the past 12 specializing in cyber risk governance and compliance. A certified information security professional, he most recently led the consulting services team at a tech startup, working with CISOs spanning the healthcare, finance, high-tech, and telecom industries to effectively manage their cyber risk programs.
“I’m very excited to build a new team and help UC achieve new levels of collaboration than ever before,” he said. “Risk is the shared language between senior leadership, IT, and information security. My team’s goal will be to offer a service that helps establish that language at all UC locations.”
Luna’s program will tie into broader initiatives from Van Williams, Vice President of Information Technology and Chief Information Office, with the overall goal to provide an improved range of services to benefit all of UC.
New UC Office of the President assessment unit
The new cyber risk assessment unit will establish a repeatable risk methodology, reduce redundancies in current processes, and improve executive visibility. An added benefit is sharing risk assessment information across the system to make more informed investment decisions.
This new unit focuses on two areas:
UC Location Risk Assessments
The new cyber risk assessment unit works with UC locations on self-cyber assessments to identify various risks that could affect UC assets, including hardware, systems, applications, laptops, research data, and intellectual property. UC location assessments will be performed in accordance with an established systemwide risk methodology and standard metric tracking.
Supplier Risk Assessments
Supplier assessments analyze the risks introduced to UC via relationships along its ecosystem or supply chain, which may include suppliers, partners, affiliates, contractors, or service providers with access to UC internal data, systems, processes, or other privileged information.
Understanding challenges and improving processes
Over the past several months, Luna has spent extensive time with location CISOs, their risk management teams, and other impacted stakeholders to understand their challenges.
“We are using this feedback to engineer a service that is fit for purpose, that addresses these challenges, and will act as a central location to share risk intelligence,” he says.
Rather than take a top-down approach, Luna stressed that the goal is to start with areas of common concern and build up from there.
“Gathering this feedback has been crucial to building relationships that will create a strong foundation to deliver our services,” said Luna.
Luna’s team will partner with procurement, privacy, and other groups, creating new processes and improving on previous work done around risk assessments. One of the most important steps so far, he says, has been establishing a common language of risk to ensure clarity and consistency across all levels.
“It’s all about sitting in the middle and knowledge sharing. Looking at it from a systemwide perspective, this new team will be reducing duplication, emphasizing cost effectiveness, and making it easier to analyze risk across UC,” he said.
“We’re a help line,” said Luna, “here to support locations with short-term and long-term solutions.”
Learn more about UC cyber security
- C3 Tools and Services: The Cyber-Risk Coordination Center (C3) collaborates with UC locations to enhance cybersecurity systemwide. Use this link to learn about C3 services and tools.
- Upcoming Summit – October 2024: Mark your calendars! The 15th UC Cyber Security Summit will take place on October 9, 2024, at UC Irvine. Early bird registration starts in July. Keep an eye on the Cyber Security Summit website for more information, coming soon.
- Cyber Risk Program Annual Report: To delve deeper into cybersecurity initiatives across UC, explore the insights shared in the 2023 Cyber Risk Program Annual Report.
Contact
Cyber Risk Assessment Unit Manager
UC Office of the President
Author
Digital Risk Communications and Events Manager
UC Office of the President