A version of this story, and associated stories, appear in the 2024 Cyber Risk Program Annual Report. Read the report in its entirety here: https://security.ucop.edu/files/documents/2024-annual-report.pdf

Improving UC’s security posture

As cybersecurity threats become increasingly sophisticated, our service and tool capabilities are continually evolving to provide the most effective solutions. The initiatives outlined below span various areas of cybersecurity, reflecting ongoing efforts at UC to strengthen detection and response while expanding targeted learning opportunities. These initiatives, some of which are part of the Threat Detection and Identification (TDI) program, demonstrate our commitment to improving UC’s overall security posture.  

Simulated real-world cyberattack program

UC San Diego piloted a new, immersive training experience that allowed participants to respond to realistic cyberattack scenarios in a controlled, consequence-free environment using industry-standard tools. This innovative program provided invaluable hands-on experience. Read the full story in the Cyber Risk Program Annual Report on page 12. 

UC Tech Academy

UC Tech Academy, a leadership development program, has been revamped to focus on the broader concept of digital risk. By updating the program’s content and structure, we now better equip leaders to navigate the complexities of modern cybersecurity challenges and drive organizational resilience. Read more about UC Tech Academy here: https://uctechnews.ucop.edu/news-professional-growth-opportunities-uc-tech-academy/ 

The Digital Risk Leadership course content, variety of speakers, and interactive discussions were valuable. The program also emphasized that effective risk management is a shared responsibility, requiring partnership across all levels. I highly recommend it to professionals looking to deepen their understanding of digital risk management.

ROSHNI PRATAP, Director, Strategic  Sourcing, Office of the President

Shift to human-risk management

The industry’s shift from gamified training to human-risk management marks a new approach to security awareness. This method emphasizes behavioral change and proactive risk management, signaling a significant evolution in training priorities. Read the full story in the report on page 11. 

TDI Program enhancements

The Threat Detection and Identification (TDI) program continues to evolve as we explore new technologies that offer enhanced features and functionalities. These advancements are designed to integrate seamlessly into UC’s infrastructure, providing more robust and adaptable solutions for managing technical risks. Read more about the TDI program here: https://security.ucop.edu./services/threat-detection-and-identification/purposes.html 

AI and cybersecurity at UC

As AI technology advances, UC is at the forefront of discussions and initiatives through collaborative efforts, working groups, and committees. These initiatives focus on understanding and integrating AI’s role in enhancing cybersecurity and education. Read about UC’s Academic Congress on AI on page 16 of the report.  

Advancing cybersecurity metrics

In addition to regularly reviewing our tools and services, we evaluate systemwide cyber metrics to gain deeper insights into how digital risks are identified and mitigated across UC. By collecting and analyzing metrics such as Endpoint Detection and Response (EDR) coverage, the percentage of high-risk systems monitored by security, and the percentage of vendors without a Vendor Risk Assessment (VRA), we are better equipped to understand the evolving digital threat landscape, prioritize risks, and improve decision-making to safeguard institutional information and IT resources.

Learn more about UC cybersecurity

• Please note: The Cyber-risk Coordination Center (C3) is now UC Digital Risk and Security. This change reflects our focus on providing valued digital risk services and expertise to UC Locations and managing risk across the UC system. 

• Upcoming Summit – August 20, 2025: Mark your calendars! The 16th UC Cyber Security Summit will take place on August 20, 2025, at UCLA. Keep an eye on the Cyber Security Summit website for more information, coming soon. 

Contact

Author