introduction - university of california, davis. name of person completing report: q4. name of...

Q3.Q3.Name of person completing report:Name of person completing report:

Q4.Q4.Name of supervisor or direct manager:Name of supervisor or direct manager:

Q1.Q1.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.

The UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andThe UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andimproved with a change in approach. The 2015 survey:improved with a change in approach. The 2015 survey:

Introduces ISO security standards as the framework for assessing security compliance. This alignsIntroduces ISO security standards as the framework for assessing security compliance. This alignswith UC Office of the President efforts to rewrite University of California Information Security Policy ISwith UC Office of the President efforts to rewrite University of California Information Security Policy IS3 so that it mirrors ISO 27001 and 27002 Security criteria.3 so that it mirrors ISO 27001 and 27002 Security criteria.Moves away from simple yes/no answers, to more nuanced questions that will provide higher qualityMoves away from simple yes/no answers, to more nuanced questions that will provide higher qualitydata and a more accurate overall picture.data and a more accurate overall picture.

The safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyThe safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyappreciates your candid participation in this survey. As technical professionals, you know how importantappreciates your candid participation in this survey. As technical professionals, you know how importantbest practices are to security administration. This survey, and the results it obtains, reinforce thosebest practices are to security administration. This survey, and the results it obtains, reinforce thosestandards.standards.

Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Therefore, we (the Information Security group) are looking for the best possible answers, not for perfect orTherefore, we (the Information Security group) are looking for the best possible answers, not for perfect orexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to beexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to becorrect. If there is no hard data for a particular question, then please answer with your best guess.correct. If there is no hard data for a particular question, then please answer with your best guess.

We are seeking insight into how the campus operates, and giving us your best possible answers will help usWe are seeking insight into how the campus operates, and giving us your best possible answers will help us1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our services1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our servicesto help reduce that risk.to help reduce that risk.

Your responses will help us understand our collective progress and shed light on our shared challenges.Your responses will help us understand our collective progress and shed light on our shared challenges.Thank you in advance for thoughtfully participating in this critical survey.Thank you in advance for thoughtfully participating in this critical survey.

Q2.Q2.Pre-Survey QuestionsPre-Survey QuestionsThese pre-survey questions will help us understand and respond to survey findings. We appreciateThese pre-survey questions will help us understand and respond to survey findings. We appreciateyour willingness to provide us with the following information. your willingness to provide us with the following information.

Q5.Q5.Email AddressEmail Address

Q6.Q6.Phone Number Phone Number

Q8.Q8. Name of Unit/Department (include sub-units if appropriate) Name of Unit/Department (include sub-units if appropriate)

Q10.Q10.How many FTE with in the units that this survey covers? How many FTE with in the units that this survey covers?

Q7.Q7. Name of College, Professional School, Administrative Unit: Name of College, Professional School, Administrative Unit:

Q9.Q9.Population of users supported in survey response (check all that apply)

FacultyFaculty StudentsStudents

StaffStaff

Q11.Q11.Please list the VLAN names represented in your survey response? If this survey includes other sources, i.e.cloud services, or an individual machine, please choose other and explain. If it is for an individual machineplease include the MAC address.

Cloud servicesCloud services DC&CLIENT-SVC-95DC&CLIENT-SVC-95 INST-TRNS-ST-2-FWINST-TRNS-ST-2-FW PLANT-SCIENCES-9-DMZPLANT-SCIENCES-9-DMZ

Individual machineIndividual machine DC-COLO-1-DMZDC-COLO-1-DMZ INTERNAL-AUD-1-DMZINTERNAL-AUD-1-DMZ PLANT-SCIENCES-9-FWPLANT-SCIENCES-9-FW

ACAD-PREP-PROG-1-DMZACAD-PREP-PROG-1-DMZ DC-COLO-1-FWDC-COLO-1-FW INTERNAL-AUD-1-FWINTERNAL-AUD-1-FW POLICE-1POLICE-1

ACAD-PREP-PROG-1-FWACAD-PREP-PROG-1-FW DC-NOC-VM-1-DMZDC-NOC-VM-1-DMZ INTGRTD-STDS-1INTGRTD-STDS-1 POLICE-3-FWPOLICE-3-FW

ACTG&FINAC-1-DMZACTG&FINAC-1-DMZ DC-PRIVATE-DISTR-RCVRYDC-PRIVATE-DISTR-RCVRY INTRCOL-ATHL-1-FWINTRCOL-ATHL-1-FW POLICE-4-FWPOLICE-4-FW

ACTG&FINAC-1-FWACTG&FINAC-1-FW DC-PRIVATE-PRIMARYDC-PRIVATE-PRIMARY INTRCOL-ATHL-2INTRCOL-ATHL-2 POLICE-911-DMZPOLICE-911-DMZ

ACTG&FINAC-2-DMZACTG&FINAC-2-DMZ DEAN-AG-1-DMZDEAN-AG-1-DMZ INTRCOL-ATHL-3-FWINTRCOL-ATHL-3-FW POLIT-SCI-1-DMZPOLIT-SCI-1-DMZ

ACTG&FINAC-2-FWACTG&FINAC-2-FW DEAN-AG-1-FWDEAN-AG-1-FW INTRCOL-ATHL-4-DMZINTRCOL-ATHL-4-DMZ POLIT-SCI-1-FWPOLIT-SCI-1-FW

ACTG&FINAC-3-DMZACTG&FINAC-3-DMZ DEAN-AG-2-DMZDEAN-AG-2-DMZ INTRN&CR-CTR-1-2-DMZINTRN&CR-CTR-1-2-DMZ PRIM-RES-CTR-1-3-DMZPRIM-RES-CTR-1-3-DMZ

ACTG&FINAC-3-FWACTG&FINAC-3-FW DEAN-AG-2-FWDEAN-AG-2-FW INTRN&CR-CTR-1-FWINTRN&CR-CTR-1-FW PRIM-RES-CTR-1-FWPRIM-RES-CTR-1-FW

ACTG&FINAC-5-FWACTG&FINAC-5-FW DEAN-AG-3-FWDEAN-AG-3-FW INTRN&CR-CTR-2-FWINTRN&CR-CTR-2-FW PRIM-RES-CTR-2-FWPRIM-RES-CTR-2-FW

ACTG&FINAC-6-FWACTG&FINAC-6-FW DEAN-AG-4-DMZDEAN-AG-4-DMZ IPM-PROJECT-1-DMZIPM-PROJECT-1-DMZ PRIM-RES-CTR-3-FWPRIM-RES-CTR-3-FW

ACTG&FINAC-7-FWACTG&FINAC-7-FW DEAN-AG-4-FWDEAN-AG-4-FW IPM-PROJECT-1-FWIPM-PROJECT-1-FW PRIM-RES-CTR-4-FWPRIM-RES-CTR-4-FW

ADMIN-&-RESRC-MGMT-1-ADMIN-&-RESRC-MGMT-1-FWFW DEAN-AG-5-DMZDEAN-AG-5-DMZ IPV6-TEST-V4IPV6-TEST-V4 PRIM-RES-CTR-5-FWPRIM-RES-CTR-5-FW

ADMIS&OUTRCH-2-FWADMIS&OUTRCH-2-FW DEAN-AG-5-FWDEAN-AG-5-FW IT-COMMUNRES-1-DMZIT-COMMUNRES-1-DMZ PRIMERO-1PRIMERO-1

ADMISSIONS-1-FWADMISSIONS-1-FW DEAN-AG-6-DMZDEAN-AG-6-DMZ IT-COMMUNRES-1-FWIT-COMMUNRES-1-FW PRIVATE-10PRIVATE-10

AG-ECONOMICS-1-DMZAG-ECONOMICS-1-DMZ DEAN-AG-6-FWDEAN-AG-6-FW IT-COMMUNRES-11IT-COMMUNRES-11 PRIVATE-169.254PRIVATE-169.254

AG-ECONOMICS-1-FWAG-ECONOMICS-1-FW DEAN-AG-7-FWDEAN-AG-7-FW IT-COMMUNRES-12-FWIT-COMMUNRES-12-FW PRIVATE-172.16PRIVATE-172.16

AG-HIST-CNTR-1AG-HIST-CNTR-1 DEAN-BIO-SCI-1-DMZDEAN-BIO-SCI-1-DMZ IT-COMMUNRES-13-FWIT-COMMUNRES-13-FW PRIVATE-192.168PRIVATE-192.168

AG-SERVICES-1AG-SERVICES-1 DEAN-BIO-SCI-1-FWDEAN-BIO-SCI-1-FW IT-COMMUNRES-14-HPRIT-COMMUNRES-14-HPR PROCERA-MGMT-1PROCERA-MGMT-1

ALUMNI-AFFRS-1-DMZALUMNI-AFFRS-1-DMZ DEAN-BIO-SCI-2DEAN-BIO-SCI-2 IT-COMMUNRES-15-HPRIT-COMMUNRES-15-HPR PROTEIN-STRU-1PROTEIN-STRU-1

ALUMNI-AFFRS-1-FWALUMNI-AFFRS-1-FW DEAN-ENGIN-1DEAN-ENGIN-1 IT-COMMUNRES-16-HPRIT-COMMUNRES-16-HPR PSYCHOLOGY-1-FWPSYCHOLOGY-1-FW

ALUMNI-AFFRS-2ALUMNI-AFFRS-2 DEAN-ENGIN-2DEAN-ENGIN-2 IT-COMMUNRES-17IT-COMMUNRES-17 PSYCHOLOGY-2-FWPSYCHOLOGY-2-FW

ALUMNI-AFFRS-3ALUMNI-AFFRS-3 DEAN-ENGIN-3DEAN-ENGIN-3 IT-COMMUNRES-18IT-COMMUNRES-18 PSYCHOLOGY-3-FWPSYCHOLOGY-3-FW

ANIMAL-SCI-1-DMZANIMAL-SCI-1-DMZ DEAN-ENGIN-4DEAN-ENGIN-4 IT-COMMUNRES-19IT-COMMUNRES-19 PUB-COMMUNIC-1-FWPUB-COMMUNIC-1-FW

ANIMAL-SCI-1-FWANIMAL-SCI-1-FW DEAN-ENGIN-5DEAN-ENGIN-5 IT-COMMUNRES-2-FWIT-COMMUNRES-2-FW RADIO-INTEROP-1-FWRADIO-INTEROP-1-FW

ANIMAL-SCI-2ANIMAL-SCI-2 DEAN-ENGIN-6DEAN-ENGIN-6 IT-COMMUNRES-20IT-COMMUNRES-20 REC-HALL-1REC-HALL-1

ANIMAL-SCI-2-DMZANIMAL-SCI-2-DMZ DEAN-L&S-1-FWDEAN-L&S-1-FW IT-COMMUNRES-4-FWIT-COMMUNRES-4-FW REC-HALL-2-DMZREC-HALL-2-DMZ

ANML-RES-SVC-1-FWANML-RES-SVC-1-FW DEAN-L&S-2-FWDEAN-L&S-2-FW IT-COMMUNRES-8-FWIT-COMMUNRES-8-FW REC-HALL-2-FWREC-HALL-2-FW

ANR-1-DMZANR-1-DMZ DEAN-L&S-4-FWDEAN-L&S-4-FW IT-CRETV-2-3-DMZIT-CRETV-2-3-DMZ REC-HALL-3REC-HALL-3

ANR-1-FWANR-1-FW DEAN-L&S-6DEAN-L&S-6 IT-CRETV-2-FWIT-CRETV-2-FW REC-HALL-4REC-HALL-4

ANTHROPOLOGY-1-FWANTHROPOLOGY-1-FW DEAN-L&S-7-DMZDEAN-L&S-7-DMZ IT-CRETV-3-FWIT-CRETV-3-FW REGAN-1REGAN-1

ARCH-&-ENGR-1-DMZARCH-&-ENGR-1-DMZ DEAN-L&S-7-FWDEAN-L&S-7-FW IT-CRETV-COM-1-DMZIT-CRETV-COM-1-DMZ REGISTRAR-1-FWREGISTRAR-1-FW

ARCH-&-ENGR-1-FWARCH-&-ENGR-1-FW DEAN-L&S-DMZDEAN-L&S-DMZ IT-CRETV-COM-1-FWIT-CRETV-COM-1-FW REGISTRAR-1-VPNREGISTRAR-1-VPN

ARCH-&-ENGR-2ARCH-&-ENGR-2 DEAN-MED-ADM-1-FWDEAN-MED-ADM-1-FW IT-DSCMP-A&S-1-FWIT-DSCMP-A&S-1-FW REGISTRAR-2-FWREGISTRAR-2-FW

ARM-ALARMS-1-FWARM-ALARMS-1-FW DEAN-MED-ADM-10-FWDEAN-MED-ADM-10-FW IT-DSCMP-A&S-2-FWIT-DSCMP-A&S-2-FW RES-MGMT&PLNG-1RES-MGMT&PLNG-1

ART-1-3-DMZART-1-3-DMZ DEAN-MED-ADM-12-FWDEAN-MED-ADM-12-FW IT-INFO-RES-1IT-INFO-RES-1 RSVDRSVD

ART-1-FWART-1-FW DEAN-MED-ADM-13-FWDEAN-MED-ADM-13-FW IT-INFO-RES-10IT-INFO-RES-10 SAFETY-SVCS-1-DMZSAFETY-SVCS-1-DMZ

ART-2-FWART-2-FW DEAN-MED-ADM-14-FWDEAN-MED-ADM-14-FW IT-INFO-RES-11IT-INFO-RES-11 SAFETY-SVCS-1-FWSAFETY-SVCS-1-FW

ART-3-FWART-3-FW DEAN-MED-ADM-15-FWDEAN-MED-ADM-15-FW IT-INFO-RES-12IT-INFO-RES-12 SEG-ALDER-1SEG-ALDER-1

ASUCD-1-DMZASUCD-1-DMZ DEAN-MED-ADM-2-FWDEAN-MED-ADM-2-FW IT-INFO-RES-14IT-INFO-RES-14 SEG-MILLER-1SEG-MILLER-1

ASUCD-1-FWASUCD-1-FW DEAN-MED-ADM-3-FWDEAN-MED-ADM-3-FW IT-INFO-RES-15IT-INFO-RES-15 SEG-THOMPSON-1SEG-THOMPSON-1

AVC-ENRLMT-SVCS-1-DMZAVC-ENRLMT-SVCS-1-DMZ DEAN-MED-ADM-4-FWDEAN-MED-ADM-4-FW IT-INFO-RES-16IT-INFO-RES-16 SEGUNDO-1SEGUNDO-1

AVC-ENRLMT-SVCS-1-FWAVC-ENRLMT-SVCS-1-FW DEAN-MED-ADM-5-DMZDEAN-MED-ADM-5-DMZ IT-INFO-RES-17-FWIT-INFO-RES-17-FW SEGUNDO-2SEGUNDO-2

BFTV-1-DMZBFTV-1-DMZ DEAN-MED-ADM-5-FWDEAN-MED-ADM-5-FW IT-INFO-RES-18IT-INFO-RES-18 SHRD-SVC-CTR-1-FWSHRD-SVC-CTR-1-FW

BFTV-1-FWBFTV-1-FW DEAN-MED-ADM-6-FWDEAN-MED-ADM-6-FW IT-INFO-RES-19-20-DMZIT-INFO-RES-19-20-DMZ SIP-1SIP-1

BGI-UCDHS-1BGI-UCDHS-1 DEAN-MED-ADM-7-FWDEAN-MED-ADM-7-FW IT-INFO-RES-19-FWIT-INFO-RES-19-FW SIP-2SIP-2

BIO-SCI-1-DMZBIO-SCI-1-DMZ DEAN-MED-ADM-8-FWDEAN-MED-ADM-8-FW IT-INFO-RES-20-FWIT-INFO-RES-20-FW SIP-DMZSIP-DMZ

BOOKSTORE-1-DMZBOOKSTORE-1-DMZ DEAN-MED-ADM-9-FWDEAN-MED-ADM-9-FW IT-INFO-RES-21-VPNIT-INFO-RES-21-VPN SM-RUM-CRSP-1SM-RUM-CRSP-1

BOOKSTORE-1-FWBOOKSTORE-1-FW DEAN-VETMED-1-DMZDEAN-VETMED-1-DMZ IT-INFO-RES-25IT-INFO-RES-25 SOC-SCI-ADM-1-FWSOC-SCI-ADM-1-FW

BOOKSTORE-2BOOKSTORE-2 DEAN-VETMED-1-FWDEAN-VETMED-1-FW IT-INFO-RES-26-FWIT-INFO-RES-26-FW SOC-SCI-DSS-1-DMZSOC-SCI-DSS-1-DMZ

BOOKSTORE-2-DMZBOOKSTORE-2-DMZ DEAN-VETMED-2-DMZDEAN-VETMED-2-DMZ IT-INFO-RES-9IT-INFO-RES-9 SOC-SCI-DSS-1-FWSOC-SCI-DSS-1-FW

CABA-1CABA-1 DEAN-VETMED-2-FWDEAN-VETMED-2-FW JMIE-1JMIE-1 SOC-SCI-DSS-2-FWSOC-SCI-DSS-2-FW

CAES-1-FWCAES-1-FW DEAN-VETMED-3-FWDEAN-VETMED-3-FW JMIE-5JMIE-5 SOC-SCI-DSS-3-FWSOC-SCI-DSS-3-FW

CAFF-1CAFF-1 DEAN-VETMED-5-DMZDEAN-VETMED-5-DMZ KK-1KK-1 SOC-SCI-DSS-4-FWSOC-SCI-DSS-4-FW

CALREN2OOBCALREN2OOB DESIGN-1-FWDESIGN-1-FW KK-2KK-2 SOCIOLOGY-1-FWSOCIOLOGY-1-FW

CALSPACE-CNTR-1CALSPACE-CNTR-1 DESIGN-2-FWDESIGN-2-FW KM-1-DMZKM-1-DMZ SOLANO-1SOLANO-1

CALSPACE-CNTR-2CALSPACE-CNTR-2 DESIGN-4-VPNDESIGN-4-VPN KM-1-FWKM-1-FW SOLANO-2SOLANO-2

CAMPUS-EV&IN-1-DMZCAMPUS-EV&IN-1-DMZ DESIGN-LDA-DMZDESIGN-LDA-DMZ LA-RUE-1LA-RUE-1 SSL-VPN-1-DMZSSL-VPN-1-DMZ

CAMPUS-EV&IN-1-FWCAMPUS-EV&IN-1-FW DNS-1DNS-1 LA-RUE-2LA-RUE-2 SSL-VPN-1-FWSSL-VPN-1-FW

CAMPUS-EV&IN-2-DMZCAMPUS-EV&IN-2-DMZ DNS-2DNS-2 LA-RUE-3LA-RUE-3 STAF-DEV&PRF-2-DMZSTAF-DEV&PRF-2-DMZ

CAMPUS-EV&IN-2-FWCAMPUS-EV&IN-2-FW DOE-1-DMZDOE-1-DMZ LA-RUE-4LA-RUE-4 STAF-DEV&PRF-2-FWSTAF-DEV&PRF-2-FW

CASHIER-1-DMZCASHIER-1-DMZ DOE-1-FWDOE-1-FW LANG-LIT-1-DMZLANG-LIT-1-DMZ STATISTICS-1-DMZSTATISTICS-1-DMZ

CASHIER-1-FWCASHIER-1-FW DRAMATIC-ART-1-2-DMZDRAMATIC-ART-1-2-DMZ LANG-LIT-1-FWLANG-LIT-1-FW STATISTICS-1-FWSTATISTICS-1-FW

CBST-1-FWCBST-1-FW DRAMATIC-ART-1-FWDRAMATIC-ART-1-FW LANG-LIT-2-FWLANG-LIT-2-FW STDT-JUD-AFF-1-FWSTDT-JUD-AFF-1-FW

CBST-2CBST-2 DRAMATIC-ART-2-FWDRAMATIC-ART-2-FW LANGUAGE-LAB-1-DMZLANGUAGE-LAB-1-DMZ STU-DIS-CTR-1-FWSTU-DIS-CTR-1-FW

CBST-3CBST-3 ECONOMICS-1-DMZECONOMICS-1-DMZ LANGUAGE-LAB-1-FWLANGUAGE-LAB-1-FW STU-HLTH-SVCS-1-2-DMZSTU-HLTH-SVCS-1-2-DMZ

CENIC-GATEKEEPER-1CENIC-GATEKEEPER-1 ECONOMICS-1-FWECONOMICS-1-FW LARRY-1-DMZLARRY-1-DMZ STU-HLTH-SVCS-1-FWSTU-HLTH-SVCS-1-FW

CENTRIFUGE-1-HPRCENTRIFUGE-1-HPR ECONOMICS-2-FWECONOMICS-2-FW LARRY-1-FWLARRY-1-FW STU-HLTH-SVCS-2-FWSTU-HLTH-SVCS-2-FW

CEPRAP-1-FWCEPRAP-1-FW EDUCATION-1-DMZEDUCATION-1-DMZ LARRY-1-VPNLARRY-1-VPN STU-HLTH-SVCS-8-FWSTU-HLTH-SVCS-8-FW

CFO-SERVER-1-FWCFO-SERVER-1-FW EDUCATION-1-FWEDUCATION-1-FW LAW-1-FWLAW-1-FW STUD-AFF-RES-1-DMZSTUD-AFF-RES-1-DMZ

CHANCELLOR-1-DMZCHANCELLOR-1-DMZ EDUCATION-2-FWEDUCATION-2-FW LAW-2-FWLAW-2-FW STUD-AFF-RES-1-FWSTUD-AFF-RES-1-FW

CHANCELLOR-1-FWCHANCELLOR-1-FW EMERSON-1EMERSON-1 LAW-3-DMZLAW-3-DMZ STUDENT-ACTV-1-DMZSTUDENT-ACTV-1-DMZ

CHANCELLOR-10CHANCELLOR-10 EMERSON-2EMERSON-2 LAW-3-FWLAW-3-FW STUDENT-ACTV-1-FWSTUDENT-ACTV-1-FW

CHANCELLOR-11-12-DMZCHANCELLOR-11-12-DMZ EMERSON-3EMERSON-3 LAW-4-FWLAW-4-FW STUDENT-ACTV-2STUDENT-ACTV-2

CHANCELLOR-11-FWCHANCELLOR-11-FW EMO-1-DMZEMO-1-DMZ LAWR-1-DMZLAWR-1-DMZ STUDENT-AFFRS-1-FWSTUDENT-AFFRS-1-FW

CHANCELLOR-12-FWCHANCELLOR-12-FW EMO-1-FWEMO-1-FW LAWR-1-FWLAWR-1-FW STUDENT-AFFRS-3-FWSTUDENT-AFFRS-3-FW

CHANCELLOR-2CHANCELLOR-2 EMPHLTHOAK-1EMPHLTHOAK-1 LAWR-2LAWR-2 STUDENT-AFFRS-4-DMZSTUDENT-AFFRS-4-DMZ

CHANCELLOR-3CHANCELLOR-3 ENG-AP-SCI-1ENG-AP-SCI-1 LAWR-3LAWR-3 STUDENT-AFFRS-4-FWSTUDENT-AFFRS-4-FW

CHANCELLOR-4CHANCELLOR-4 ENG-AP-SCI-2-HPRENG-AP-SCI-2-HPR LAWR-5-FWLAWR-5-FW STUDENT-AFFRS-5-FWSTUDENT-AFFRS-5-FW

CHANCELLOR-5-DMZCHANCELLOR-5-DMZ ENG-AP-SCI-3ENG-AP-SCI-3 LDA-3-FWLDA-3-FW STUDENT-AFFRS-6-FWSTUDENT-AFFRS-6-FW

CHANCELLOR-5-FWCHANCELLOR-5-FW ENG-AP-SCI-4ENG-AP-SCI-4 LEACH-1LEACH-1 STUDENT-REC-1STUDENT-REC-1

CHANCELLOR-6-FWCHANCELLOR-6-FW ENG-BIO&AG-1ENG-BIO&AG-1 LIBRARY-1-FWLIBRARY-1-FW SWITCHROOM-1SWITCHROOM-1

CHANCELLOR-DMZCHANCELLOR-DMZ ENG-BIOMED-2ENG-BIOMED-2 LIBRARY-10LIBRARY-10 TEACH-RES-CT-1-FWTEACH-RES-CT-1-FW

CHEMISTRY-1-DMZCHEMISTRY-1-DMZ ENG-BIOMED-3ENG-BIOMED-3 LIBRARY-10-FWLIBRARY-10-FW TEC-COMM-1TEC-COMM-1

CHEMISTRY-1-FWCHEMISTRY-1-FW ENG-CHEM&MAT-1ENG-CHEM&MAT-1 LIBRARY-13-FWLIBRARY-13-FW TERC-1-DMZTERC-1-DMZ

CHEMISTRY-3-FWCHEMISTRY-3-FW ENG-CHEM&MAT-2-FWENG-CHEM&MAT-2-FW LIBRARY-2-FWLIBRARY-2-FW TERC-1-FWTERC-1-FW

CLEARPASS-1CLEARPASS-1 ENG-CHEM&MAT-3-DMZENG-CHEM&MAT-3-DMZ LIBRARY-3-FWLIBRARY-3-FW TERCERO-1TERCERO-1

CO-OP-EXT-1-DMZCO-OP-EXT-1-DMZ ENG-CHEM&MAT-3-FWENG-CHEM&MAT-3-FW LIBRARY-4-FWLIBRARY-4-FW TEXT-&-CLOTH-1-DMZTEXT-&-CLOTH-1-DMZ

CO-OP-EXT-1-FWCO-OP-EXT-1-FW ENG-CIVL&ENV-1ENG-CIVL&ENV-1 LIBRARY-5-FWLIBRARY-5-FW TEXT-&-CLOTH-1-FWTEXT-&-CLOTH-1-FW

CO-OPS-1CO-OPS-1 ENG-CIVL&ENV-2ENG-CIVL&ENV-2 LIBRARY-6-FWLIBRARY-6-FW THOREAU-1THOREAU-1

COE-HPC-CLUSTERCOE-HPC-CLUSTER ENG-CIVL&ENV-3ENG-CIVL&ENV-3 LIBRARY-7-FWLIBRARY-7-FW TOXIC-SUBSTANCES-1TOXIC-SUBSTANCES-1

COE-ITSS-1-DMZCOE-ITSS-1-DMZ ENG-CIVL&ENV-4ENG-CIVL&ENV-4 LIBRARY-8LIBRARY-8 TOXIC-SUBSTANCES-1-TOXIC-SUBSTANCES-1-DMZDMZ

COE-ITSS-1-FWCOE-ITSS-1-FW ENG-CIVL&ENV-5ENG-CIVL&ENV-5 LIBRARY-9-FWLIBRARY-9-FW TRS-1TRS-1

COE-ITSS-11-FWCOE-ITSS-11-FW ENG-CIVL&ENV-6-DMZENG-CIVL&ENV-6-DMZ LIBRARY-DMZLIBRARY-DMZ U-EXTENSION-1-DMZU-EXTENSION-1-DMZ

COE-ITSS-14COE-ITSS-14 ENG-CIVL&ENV-6-FWENG-CIVL&ENV-6-FW LRN-SKLS-CTR-1-FWLRN-SKLS-CTR-1-FW U-EXTENSION-1-FWU-EXTENSION-1-FW

COE-ITSS-2-DMZCOE-ITSS-2-DMZ ENG-CIVL&ENV-8ENG-CIVL&ENV-8 M-ANESTHESIO-1-DMZM-ANESTHESIO-1-DMZ U-EXTENSION-2-DMZU-EXTENSION-2-DMZ

COE-ITSS-2-FWCOE-ITSS-2-FW ENG-CMPR-SCI-1ENG-CMPR-SCI-1 M-ANESTHESIO-1-FWM-ANESTHESIO-1-FW U-EXTENSION-2-FWU-EXTENSION-2-FW

COE-ITSS-3-DMZCOE-ITSS-3-DMZ ENG-CMPR-SCI-2ENG-CMPR-SCI-2 M-COM-HEALTH-1-2-DMZM-COM-HEALTH-1-2-DMZ U-EXTENSION-3-DMZU-EXTENSION-3-DMZ

COE-ITSS-3-FWCOE-ITSS-3-FW ENG-CMPR-SCI-3ENG-CMPR-SCI-3 M-COM-HEALTH-1-FWM-COM-HEALTH-1-FW U-EXTENSION-3-FWU-EXTENSION-3-FW

COE-ITSS-4-FWCOE-ITSS-4-FW ENG-CMPR-SCI-4ENG-CMPR-SCI-4 M-COM-HEALTH-2-FWM-COM-HEALTH-2-FW U-EXTENSION-4-DMZU-EXTENSION-4-DMZ

COE-ITSS-5-FWCOE-ITSS-5-FW ENG-CMPR-SCI-5ENG-CMPR-SCI-5 M-CURIC-SUPT-1-DMZM-CURIC-SUPT-1-DMZ U-EXTENSION-4-FWU-EXTENSION-4-FW

COE-ITSS-6-FWCOE-ITSS-6-FW ENG-CMPR-SCI-6ENG-CMPR-SCI-6 M-CURIC-SUPT-1-FWM-CURIC-SUPT-1-FW U-EXTENSION-5-DMZU-EXTENSION-5-DMZ

COE-ITSS-7-FWCOE-ITSS-7-FW ENG-CMPR-SCI-7ENG-CMPR-SCI-7 M-GEN-I&R-1M-GEN-I&R-1 U-EXTENSION-5-FWU-EXTENSION-5-FW

COE-ITSS-8-FWCOE-ITSS-8-FW ENG-CMPR-SCI-8ENG-CMPR-SCI-8 M-NEUROLOGY-1-FWM-NEUROLOGY-1-FW U-RELATIONS-1-4-DMZU-RELATIONS-1-4-DMZ

COE-ITSS-9-FWCOE-ITSS-9-FW ENG-CMPR-SCI-9ENG-CMPR-SCI-9 M-NEUROSURG-1M-NEUROSURG-1 U-RELATIONS-1-FWU-RELATIONS-1-FW

COE-ITSS-DMZCOE-ITSS-DMZ ENG-ELEC&CMP-1ENG-ELEC&CMP-1 M-NEUROSURG-2M-NEUROSURG-2 U-RELATIONS-4-FWU-RELATIONS-4-FW

COUNSELING-1-FWCOUNSELING-1-FW ENG-ELEC&CMP-2ENG-ELEC&CMP-2 M-OPTHAMOL-1M-OPTHAMOL-1 UC-LANG-CONS-1-FWUC-LANG-CONS-1-FW

CROC-NUC-LAB-1CROC-NUC-LAB-1 ENG-ELEC&CMP-3ENG-ELEC&CMP-3 M-OTOLYMGOL-1M-OTOLYMGOL-1 UCD-MNRC-1UCD-MNRC-1

CROC-NUC-LAB-2CROC-NUC-LAB-2 ENG-ELEC&CMP-4ENG-ELEC&CMP-4 M-OTOLYMGOL-2M-OTOLYMGOL-2 UCDMCUCDMC

CROC-NUC-LAB-DMZCROC-NUC-LAB-DMZ ENG-MCH&AERO-1ENG-MCH&AERO-1 M-PEDIATRICS-1M-PEDIATRICS-1 USDA-2-4-DMZUSDA-2-4-DMZ

CRU-PCI-1CRU-PCI-1 ENG-MCH&AERO-1-DMZENG-MCH&AERO-1-DMZ M-PHYS-MED-1-DMZM-PHYS-MED-1-DMZ USDA-2-FWUSDA-2-FW

CSE-WSHED-1-DMZCSE-WSHED-1-DMZ ENG-MCH&AERO-2ENG-MCH&AERO-2 M-PHYS-MED-1-FWM-PHYS-MED-1-FW USDA-3-DMZUSDA-3-DMZ

CTR-AG-ISSUE-1-FWCTR-AG-ISSUE-1-FW ENG-MCH&AERO-3ENG-MCH&AERO-3 M-PSYCHIATRY-1M-PSYCHIATRY-1 USDA-3-FWUSDA-3-FW

CTR-CMP-MED-1-FWCTR-CMP-MED-1-FW ENG-MCH&AERO-4ENG-MCH&AERO-4 M-PSYCHIATRY-2M-PSYCHIATRY-2 USDA-4-FWUSDA-4-FW

CTR-CMP-MED-2-FWCTR-CMP-MED-2-FW ENGLISH-1-DMZENGLISH-1-DMZ MATHEMATICS-1-DMZMATHEMATICS-1-DMZ USDA-5USDA-5

CTR-CMP-MED-3-FWCTR-CMP-MED-3-FW ENGLISH-1-FWENGLISH-1-FW MATHEMATICS-1-FWMATHEMATICS-1-FW VC-ADMIN-1-2-3-DMZVC-ADMIN-1-2-3-DMZ

CTR-CMP-MED-4-DMZCTR-CMP-MED-4-DMZ ENTOMOLOGY-1-DMZENTOMOLOGY-1-DMZ MCAST-HD-1MCAST-HD-1 VC-ADMIN-2-FWVC-ADMIN-2-FW

CTR-CMP-MED-4-FWCTR-CMP-MED-4-FW ENTOMOLOGY-1-FWENTOMOLOGY-1-FW MCCLELLAN-NRC-1-DMZMCCLELLAN-NRC-1-DMZ VC-ADMIN-3-FWVC-ADMIN-3-FW

CTR-CMP-MED-5-FWCTR-CMP-MED-5-FW ENTOMOLOGY-2ENTOMOLOGY-2 MCCLELLAN-NRC-1-FWMCCLELLAN-NRC-1-FW VC-RESEARCH-1-DMZVC-RESEARCH-1-DMZ

CTR-CMP-MED-6-DMZCTR-CMP-MED-6-DMZ ENTOMOLOGY-3-DMZENTOMOLOGY-3-DMZ MEYER-COMM-1MEYER-COMM-1 VC-RESEARCH-1-FWVC-RESEARCH-1-FW

CTR-CMP-MED-DMZCTR-CMP-MED-DMZ ENTOMOLOGY-3-FWENTOMOLOGY-3-FW MGMT-SCH-OF-1-DMZMGMT-SCH-OF-1-DMZ VC-RESEARCH-2VC-RESEARCH-2

CTR-COMP-SCI/EN-1CTR-COMP-SCI/EN-1 ENV-HLTH&SAF-1-DMZENV-HLTH&SAF-1-DMZ MGMT-SCH-OF-1-FWMGMT-SCH-OF-1-FW VC-RESEARCH-3-DMZVC-RESEARCH-3-DMZ

CTR-CPANHLTH-1-FWCTR-CPANHLTH-1-FW ENV-HLTH&SAF-1-FWENV-HLTH&SAF-1-FW MGMT-SCH-OF-2-FWMGMT-SCH-OF-2-FW VC-RESEARCH-3-FWVC-RESEARCH-3-FW

CTR-CPANHLTH-2-FWCTR-CPANHLTH-2-FW ENV-HLTH&SAF-2ENV-HLTH&SAF-2 MGMT-SCH-OF-3-SSLMGMT-SCH-OF-3-SSL VC-RESEARCH-5VC-RESEARCH-5

CTR-EQUIN-HL-1-FWCTR-EQUIN-HL-1-FW ENV-HLTH&SAF-3ENV-HLTH&SAF-3 MICROBIOLOGY-1-DMZMICROBIOLOGY-1-DMZ VC-RESEARCH-6VC-RESEARCH-6

CTR-EQUIN-HL-2-FWCTR-EQUIN-HL-2-FW ENV-STUDIES-1-DMZENV-STUDIES-1-DMZ MICROBIOLOGY-1-FWMICROBIOLOGY-1-FW VC-RESEARCH-7-DMZVC-RESEARCH-7-DMZ

CTR-HLTH&ENV-1-DMZCTR-HLTH&ENV-1-DMZ ENV-STUDIES-1-FWENV-STUDIES-1-FW MOL&CELL-BIO-1-DMZMOL&CELL-BIO-1-DMZ VC-RESEARCH-7-FWVC-RESEARCH-7-FW

CTR-HLTH&ENV-1-FWCTR-HLTH&ENV-1-FW ENV-STUDIES-2ENV-STUDIES-2 MOL&CELL-BIO-1-FWMOL&CELL-BIO-1-FW VC-STU-AFFRS-1-3-DMZVC-STU-AFFRS-1-3-DMZ

CTR-MIND-BRAIN-1-FWCTR-MIND-BRAIN-1-FW ENV-STUDIES-2-DMZENV-STUDIES-2-DMZ MOL&CELL-BIO-2-DMZMOL&CELL-BIO-2-DMZ VC-STU-AFFRS-2VC-STU-AFFRS-2

CTR-MIND-BRAIN-3-FWCTR-MIND-BRAIN-3-FW ENV-STUDIES-3-DMZENV-STUDIES-3-DMZ MOL&CELL-BIO-2-FWMOL&CELL-BIO-2-FW VC-STU-AFFRS-3-FWVC-STU-AFFRS-3-FW

CTR-MIND-BRAIN-5-FWCTR-MIND-BRAIN-5-FW ENV-STUDIES-3-FWENV-STUDIES-3-FW MONDAVI-1-2-DMZMONDAVI-1-2-DMZ VET-DIAG-LAB-1VET-DIAG-LAB-1

CTR-NEUROSCI-1-FWCTR-NEUROSCI-1-FW ENV-STUDIES-4ENV-STUDIES-4 MONDAVI-1-FWMONDAVI-1-FW VETGENETICS-1VETGENETICS-1

CTR-NEUROSCI-3-FWCTR-NEUROSCI-3-FW ENV-TOX-1-DMZENV-TOX-1-DMZ MONDAVI-2-FWMONDAVI-2-FW VETGENETICS-3-DMZVETGENETICS-3-DMZ

CTR-NEUROSCI-5-FWCTR-NEUROSCI-5-FW ENV-TOX-1-FWENV-TOX-1-FW MONDAVI-3MONDAVI-3 VETGENETICS-3-FWVETGENETICS-3-FW

CTR-NEUROSCI-DMZCTR-NEUROSCI-DMZ ENV-TOX-2ENV-TOX-2 MONDAVI-4MONDAVI-4 VETGENETICS-4VETGENETICS-4

CULTURE-STDS-1-DMZCULTURE-STDS-1-DMZ EOC-1EOC-1 MONDAVI-5MONDAVI-5 VETMED-1VETMED-1

CULTURE-STDS-1-FWCULTURE-STDS-1-FW EOC-2EOC-2 MONDAVI-6-DMZMONDAVI-6-DMZ VETMED-2VETMED-2

DANR-1-FWDANR-1-FW EVENTS-2EVENTS-2 MU-GENERAL-1MU-GENERAL-1 VH-ADMIN-1-DMZVH-ADMIN-1-DMZ

DANR-2-FWDANR-2-FW EVENTS-3-FWEVENTS-3-FW MU-GENERAL-2MU-GENERAL-2 VH-ADMIN-1-FWVH-ADMIN-1-FW

DANR-3-FWDANR-3-FW EVOL&ECOLOGY-1-2-DMZEVOL&ECOLOGY-1-2-DMZ MU-GENERAL-3MU-GENERAL-3 VH-ADMIN-2-DMZVH-ADMIN-2-DMZ

DANR-4-FWDANR-4-FW EVOL&ECOLOGY-1-FWEVOL&ECOLOGY-1-FW MUSIC-1-FWMUSIC-1-FW VH-ADMIN-2-FWVH-ADMIN-2-FW

DANR-5-FWDANR-5-FW EVOL&ECOLOGY-2-FWEVOL&ECOLOGY-2-FW NEAT-ORU-1-DMZNEAT-ORU-1-DMZ VH-ADMIN-4VH-ADMIN-4

DANR-6-FWDANR-6-FW FAC-ADV-INST-1-DMZFAC-ADV-INST-1-DMZ NEAT-ORU-1-FWNEAT-ORU-1-FW VIT&ENOL-1-DMZVIT&ENOL-1-DMZ

DANR-7-FWDANR-7-FW FAC-ADV-INST-1-FWFAC-ADV-INST-1-FW NEMATOLOGY-1-FWNEMATOLOGY-1-FW VIT&ENOL-1-FWVIT&ENOL-1-FW

DANR-COMMUNI-1-FWDANR-COMMUNI-1-FW FD-SCI&TECH-1-DMZFD-SCI&TECH-1-DMZ NET-MRI-1NET-MRI-1 VM-ACADPROGS-1-FWVM-ACADPROGS-1-FW

DANR-COMMUNI-2-FWDANR-COMMUNI-2-FW FD-SCI&TECH-1-FWFD-SCI&TECH-1-FW NEUROPHY-BEH-1-DMZNEUROPHY-BEH-1-DMZ VM-ANATOMY-1-FWVM-ANATOMY-1-FW

DANR-DMZDANR-DMZ FIN-AID&EMPL-1-DMZFIN-AID&EMPL-1-DMZ NEUROPHY-BEH-1-FWNEUROPHY-BEH-1-FW VM-CENT-SERV-1-FWVM-CENT-SERV-1-FW

DATA-CENTERDATA-CENTER FIN-AID&EMPL-1-FWFIN-AID&EMPL-1-FW NEUROPHY-BEH-3NEUROPHY-BEH-3 VM-CENT-SERV-2-FWVM-CENT-SERV-2-FW

DATA-CENTER-2-DMZDATA-CENTER-2-DMZ FIN-AID&EMPL-1-VPNFIN-AID&EMPL-1-VPN NMR-1-DMZNMR-1-DMZ VM-GEN-I&R-1-FWVM-GEN-I&R-1-FW

DATA-CENTER-DMZDATA-CENTER-DMZ FIN-AID&EMPL-2FIN-AID&EMPL-2 NMR-FACILITY-1-FWNMR-FACILITY-1-FW VM-GEN-I&R-5-FWVM-GEN-I&R-5-FW

DATACENTER-TEMPDATACENTER-TEMP FIRE-DEPT-1-FWFIRE-DEPT-1-FW NOC-1-FWNOC-1-FW VM-GEN-I&R-6-FWVM-GEN-I&R-6-FW

DC&CLIENT-SVC-1-2-DMZDC&CLIENT-SVC-1-2-DMZ FIRE-DEPT-2-FWFIRE-DEPT-2-FW NOC-2NOC-2 VM-MED&EPIDM-2-DMZVM-MED&EPIDM-2-DMZ

DC&CLIENT-SVC-1-FWDC&CLIENT-SVC-1-FW FOOD-SERVICE-1-DMZFOOD-SERVICE-1-DMZ NOC-3-NRNOC-3-NR VM-MED&EPIDM-2-FWVM-MED&EPIDM-2-FW

DC&CLIENT-SVC-12-DMZDC&CLIENT-SVC-12-DMZ FOOD-SERVICE-1-FWFOOD-SERVICE-1-FW NOC-4-NRNOC-4-NR VM-PATHOLOGY-1-FWVM-PATHOLOGY-1-FW

DC&CLIENT-SVC-12-FWDC&CLIENT-SVC-12-FW FOOD-SERVICE-2-DMZFOOD-SERVICE-2-DMZ NOC-SSLNOC-SSL VM-RESEARCH-1-FWVM-RESEARCH-1-FW

DC&CLIENT-SVC-13DC&CLIENT-SVC-13 FOOD-SERVICE-2-FWFOOD-SERVICE-2-FW NOC-TECHNICIANS-1-FWNOC-TECHNICIANS-1-FW VM-RESEARCH-2-FWVM-RESEARCH-2-FW

DC&CLIENT-SVC-14-FWDC&CLIENT-SVC-14-FW FOOD-SERVICE-3-FWFOOD-SERVICE-3-FW NOT-IN-PINNACLE6NOT-IN-PINNACLE6 VM-VECTOR-DIS-RSCH-1-VM-VECTOR-DIS-RSCH-1-DMZDMZ

DC&CLIENT-SVC-15-FWDC&CLIENT-SVC-15-FW FPMS-1-DMZFPMS-1-DMZ NUTRITION-1-DMZNUTRITION-1-DMZ VM-VECTOR-DIS-RSCH-1-VM-VECTOR-DIS-RSCH-1-FWFW

DC&CLIENT-SVC-16-17-DMZDC&CLIENT-SVC-16-17-DMZ FPMS-1-FWFPMS-1-FW NUTRITION-1-FWNUTRITION-1-FW VM-VECTOR-DIS-RSCH-2-VM-VECTOR-DIS-RSCH-2-NATNAT

DC&CLIENT-SVC-16-FWDC&CLIENT-SVC-16-FW FREERADIUS-1FREERADIUS-1 NUTRITION-1-VPNNUTRITION-1-VPN VMTRC-TULARE-1VMTRC-TULARE-1

DC&CLIENT-SVC-17-FWDC&CLIENT-SVC-17-FW GEN-ACAD-1GEN-ACAD-1 O&M-CHCP-1-DMZO&M-CHCP-1-DMZ VOICE-CORE-1VOICE-CORE-1

DC&CLIENT-SVC-2-FWDC&CLIENT-SVC-2-FW GEN-ACAD-1-DMZGEN-ACAD-1-DMZ O&M-CHCP-1-FWO&M-CHCP-1-FW VOICE-EDGE-1VOICE-EDGE-1

DC&CLIENT-SVC-21-FWDC&CLIENT-SVC-21-FW GEN-ACAD-2-FWGEN-ACAD-2-FW O&M:UTILITIES-1O&M:UTILITIES-1 VOIP-MGC-1VOIP-MGC-1

DC&CLIENT-SVC-22-FWDC&CLIENT-SVC-22-FW GEN-ACAD-3GEN-ACAD-3 O&M:UTILITIES-2O&M:UTILITIES-2 VOIP-MGC-2VOIP-MGC-2

DC&CLIENT-SVC-23-FWDC&CLIENT-SVC-23-FW GENOME-CTR-1-4-DMZGENOME-CTR-1-4-DMZ O&M:UTILITIES-DMZO&M:UTILITIES-DMZ VOIP-MGC-3VOIP-MGC-3

DC&CLIENT-SVC-24-FWDC&CLIENT-SVC-24-FW GENOME-CTR-1-FWGENOME-CTR-1-FW OCM-1-FWOCM-1-FW VPNLITE-1VPNLITE-1

DC&CLIENT-SVC-25-FWDC&CLIENT-SVC-25-FW GENOME-CTR-4-FWGENOME-CTR-4-FW OFF-CAMPUSOFF-CAMPUS W-&-F-BIO-1-DMZW-&-F-BIO-1-DMZ

DC&CLIENT-SVC-26-FWDC&CLIENT-SVC-26-FW GENOME-CTR-5-HPRGENOME-CTR-5-HPR ORCHARD-1ORCHARD-1 W-&-F-BIO-1-FWW-&-F-BIO-1-FW

DC&CLIENT-SVC-27-FWDC&CLIENT-SVC-27-FW GENOME-CTR-6-HPRGENOME-CTR-6-HPR ORCHARD-2ORCHARD-2 WASTEWATER-1-FWWASTEWATER-1-FW

DC&CLIENT-SVC-28-FWDC&CLIENT-SVC-28-FW GEOLOGY-1-DMZGEOLOGY-1-DMZ PARKING-SVCS-1-DMZPARKING-SVCS-1-DMZ WCEC-1WCEC-1

DC&CLIENT-SVC-29-FWDC&CLIENT-SVC-29-FW GEOLOGY-1-FWGEOLOGY-1-FW PARKING-SVCS-1-FWPARKING-SVCS-1-FW WEBSTER-1WEBSTER-1

DC&CLIENT-SVC-30-FWDC&CLIENT-SVC-30-FW GEOLOGY-2-FWGEOLOGY-2-FW PARKING-SVCS-2-FWPARKING-SVCS-2-FW WIFSS-1-DMZWIFSS-1-DMZ

DC&CLIENT-SVC-31-FWDC&CLIENT-SVC-31-FW GRAD-STUDIES-1-2-DMZGRAD-STUDIES-1-2-DMZ PERF-SONAR-1PERF-SONAR-1 WIFSS-1-FWWIFSS-1-FW

DC&CLIENT-SVC-32-FWDC&CLIENT-SVC-32-FW GRAD-STUDIES-1-FWGRAD-STUDIES-1-FW PERF-SONAR-2PERF-SONAR-2 WLS-CAMPUS-2WLS-CAMPUS-2

DC&CLIENT-SVC-33-FWDC&CLIENT-SVC-33-FW GRAD-STUDIES-2-FWGRAD-STUDIES-2-FW PERF-SONAR-3PERF-SONAR-3 WLS-EDUROAM-1WLS-EDUROAM-1

DC&CLIENT-SVC-34-FWDC&CLIENT-SVC-34-FW HISTORY-2-FWHISTORY-2-FW PERF-SONAR-4PERF-SONAR-4 WLS-MOOBILENET-1WLS-MOOBILENET-1

DC&CLIENT-SVC-35-FWDC&CLIENT-SVC-35-FW HOUSING-1-DMZHOUSING-1-DMZ PHYS-PLANT-1-FWPHYS-PLANT-1-FW WLS-MOOBILENET-10WLS-MOOBILENET-10

DC&CLIENT-SVC-36-DMZDC&CLIENT-SVC-36-DMZ HOUSING-1-FWHOUSING-1-FW PHYS-PLANT-2-FWPHYS-PLANT-2-FW WLS-MOOBILENET-2WLS-MOOBILENET-2


DC&CLIENT-SVC-39-DMZDC&CLIENT-SVC-39-DMZ HOUSING-2-FWHOUSING-2-FW PHYS-PLANT-4-FWPHYS-PLANT-4-FW WLS-MOOBILENET-4WLS-MOOBILENET-4


DC&CLIENT-SVC-4-FWDC&CLIENT-SVC-4-FW HOUSING-3-FWHOUSING-3-FW PHYS-PLANT-6-FWPHYS-PLANT-6-FW WLS-MOOBILENET-6WLS-MOOBILENET-6

DC&CLIENT-SVC-40-FWDC&CLIENT-SVC-40-FW HR&RISK-MGMT-1-DMZHR&RISK-MGMT-1-DMZ PHYS-PLANT-7PHYS-PLANT-7 WLS-MOOBILENET-7WLS-MOOBILENET-7

DC&CLIENT-SVC-45DC&CLIENT-SVC-45 HR&RISK-MGMT-1-FWHR&RISK-MGMT-1-FW PHYS-PLANT-DMZPHYS-PLANT-DMZ WLS-MOOBILENET-8WLS-MOOBILENET-8

DC&CLIENT-SVC-46DC&CLIENT-SVC-46 HR&RISK-MGMT-3-FWHR&RISK-MGMT-3-FW PHYSICS-1-DMZPHYSICS-1-DMZ WLS-MOOBILENET-9WLS-MOOBILENET-9

DC&CLIENT-SVC-47DC&CLIENT-SVC-47 HR&RISK-MGMT-4-FWHR&RISK-MGMT-4-FW PHYSICS-1-FWPHYSICS-1-FW WLS-MOOBILENETX-1WLS-MOOBILENETX-1

DC&CLIENT-SVC-48-FWDC&CLIENT-SVC-48-FW HR&RISK-MGMT-5-DMZHR&RISK-MGMT-5-DMZ PHYSICS-2-FWPHYSICS-2-FW WLS-MOOBILENETX-10WLS-MOOBILENETX-10

DC&CLIENT-SVC-49-FWDC&CLIENT-SVC-49-FW HR&RISK-MGMT-5-FWHR&RISK-MGMT-5-FW PHYSICS-3PHYSICS-3 WLS-MOOBILENETX-11WLS-MOOBILENETX-11

DC&CLIENT-SVC-5-FWDC&CLIENT-SVC-5-FW HR&RISK-MGMT-6-FWHR&RISK-MGMT-6-FW PHYSICS-4-FWPHYSICS-4-FW WLS-MOOBILENETX-2WLS-MOOBILENETX-2

DC&CLIENT-SVC-50-FWDC&CLIENT-SVC-50-FW HUM-INNOV-LAB-1-DMZHUM-INNOV-LAB-1-DMZ PHYSICS-5PHYSICS-5 WLS-MOOBILENETX-3WLS-MOOBILENETX-3

DC&CLIENT-SVC-51-DMZDC&CLIENT-SVC-51-DMZ HUM-INNOV-LAB-1-FWHUM-INNOV-LAB-1-FW PHYSICS-CCNIEPHYSICS-CCNIE WLS-MOOBILENETX-4WLS-MOOBILENETX-4

DC&CLIENT-SVC-51-FWDC&CLIENT-SVC-51-FW HUMN&COM-DEV-1-DMZHUMN&COM-DEV-1-DMZ PLAN&BUDGET-1-FWPLAN&BUDGET-1-FW WLS-MOOBILENETX-5WLS-MOOBILENETX-5

DC&CLIENT-SVC-52-VPNDC&CLIENT-SVC-52-VPN HUMN&COM-DEV-1-FWHUMN&COM-DEV-1-FW PLANT-BIOLOGY-1-DMZPLANT-BIOLOGY-1-DMZ WLS-MOOBILENETX-6WLS-MOOBILENETX-6

DC&CLIENT-SVC-53-VPNDC&CLIENT-SVC-53-VPN HUMN&COM-DEV-2-DMZHUMN&COM-DEV-2-DMZ PLANT-BIOLOGY-1-FWPLANT-BIOLOGY-1-FW WLS-MOOBILENETX-7WLS-MOOBILENETX-7

DC&CLIENT-SVC-54-FWDC&CLIENT-SVC-54-FW HUMN&COM-DEV-2-FWHUMN&COM-DEV-2-FW PLANT-PATH-1-FWPLANT-PATH-1-FW WLS-MOOBILENETX-8WLS-MOOBILENETX-8

DC&CLIENT-SVC-55-FWDC&CLIENT-SVC-55-FW HUMN&COM-DEV-4HUMN&COM-DEV-4 PLANT-PATH-2-FWPLANT-PATH-2-FW WLS-MOOBILENETX-9WLS-MOOBILENETX-9

DC&CLIENT-SVC-60DC&CLIENT-SVC-60 HVAC-1-DMZHVAC-1-DMZ PLANT-PATH-3PLANT-PATH-3 WLS-RESNET-1WLS-RESNET-1

DC&CLIENT-SVC-65-FWDC&CLIENT-SVC-65-FW HVAC-1-FWHVAC-1-FW PLANT-PATH-4PLANT-PATH-4 WLS-RESNET-10WLS-RESNET-10

DC&CLIENT-SVC-67DC&CLIENT-SVC-67 HVAC-2-DMZHVAC-2-DMZ PLANT-PATH-DMZPLANT-PATH-DMZ WLS-RESNET-11WLS-RESNET-11

DC&CLIENT-SVC-68DC&CLIENT-SVC-68 HVAC-2-FWHVAC-2-FW PLANT-SCIENCES-1-DMZPLANT-SCIENCES-1-DMZ WLS-RESNET-12WLS-RESNET-12

DC&CLIENT-SVC-70-FWDC&CLIENT-SVC-70-FW HVAC-3HVAC-3 PLANT-SCIENCES-1-FWPLANT-SCIENCES-1-FW WLS-RESNET-13WLS-RESNET-13

DC&CLIENT-SVC-71-FWDC&CLIENT-SVC-71-FW IDAV-1IDAV-1 PLANT-SCIENCES-10-DMZPLANT-SCIENCES-10-DMZ WLS-RESNET-14WLS-RESNET-14

DC&CLIENT-SVC-72-DMZDC&CLIENT-SVC-72-DMZ IDAV-2-DMZIDAV-2-DMZ PLANT-SCIENCES-10-FWPLANT-SCIENCES-10-FW WLS-RESNET-15WLS-RESNET-15

DC&CLIENT-SVC-73-FWDC&CLIENT-SVC-73-FW IDAV-2-FWIDAV-2-FW PLANT-SCIENCES-13-DMZPLANT-SCIENCES-13-DMZ WLS-RESNET-19WLS-RESNET-19

DC&CLIENT-SVC-74-FWDC&CLIENT-SVC-74-FW IDAV-CSE-1-2-DMZIDAV-CSE-1-2-DMZ PLANT-SCIENCES-13-FWPLANT-SCIENCES-13-FW WLS-RESNET-2WLS-RESNET-2

DC&CLIENT-SVC-75-FWDC&CLIENT-SVC-75-FW IDAV-CSE-1-FWIDAV-CSE-1-FW PLANT-SCIENCES-14-DMZPLANT-SCIENCES-14-DMZ WLS-RESNET-20WLS-RESNET-20

DC&CLIENT-SVC-76-FWDC&CLIENT-SVC-76-FW IDAV-CSE-2-FWIDAV-CSE-2-FW PLANT-SCIENCES-14-FWPLANT-SCIENCES-14-FW WLS-RESNET-21WLS-RESNET-21

DC&CLIENT-SVC-77-FWDC&CLIENT-SVC-77-FW IDAV-CSE-3-HPRIDAV-CSE-3-HPR PLANT-SCIENCES-2-DMZPLANT-SCIENCES-2-DMZ WLS-RESNET-22WLS-RESNET-22

DC&CLIENT-SVC-78-FWDC&CLIENT-SVC-78-FW IDS-2IDS-2 PLANT-SCIENCES-2-FWPLANT-SCIENCES-2-FW WLS-RESNET-3WLS-RESNET-3

DC&CLIENT-SVC-8-FWDC&CLIENT-SVC-8-FW IET-EAIS-SANDBOX-1-FWIET-EAIS-SANDBOX-1-FW PLANT-SCIENCES-3-DMZPLANT-SCIENCES-3-DMZ WLS-RESNET-4WLS-RESNET-4

DC&CLIENT-SVC-85DC&CLIENT-SVC-85 IN-GOVT-AFF-1-DMZIN-GOVT-AFF-1-DMZ PLANT-SCIENCES-3-FWPLANT-SCIENCES-3-FW WLS-RESNET-5WLS-RESNET-5

DC&CLIENT-SVC-86DC&CLIENT-SVC-86 IN-GOVT-AFF-1-FWIN-GOVT-AFF-1-FW PLANT-SCIENCES-4-DMZPLANT-SCIENCES-4-DMZ WLS-RESNET-6WLS-RESNET-6

DC&CLIENT-SVC-87DC&CLIENT-SVC-87 IN-GOVT-AFF-2-FWIN-GOVT-AFF-2-FW PLANT-SCIENCES-4-FWPLANT-SCIENCES-4-FW WLS-RESNET-7WLS-RESNET-7

Q12.Q12. Number of Systems supported: Number of Systems supported: Windows Systems-Windows Systems-

Q13.Q13. Macintosh Systems- Macintosh Systems-

Q14.Q14. Unix /Linux Variant Systems- Unix /Linux Variant Systems-

DC&CLIENT-SVC-88DC&CLIENT-SVC-88 IN-GOVT-AFF-3-FWIN-GOVT-AFF-3-FW PLANT-SCIENCES-5-DMZPLANT-SCIENCES-5-DMZ WLS-RESNET-8WLS-RESNET-8

DC&CLIENT-SVC-89DC&CLIENT-SVC-89 INFOBLOX-1INFOBLOX-1 PLANT-SCIENCES-5-FWPLANT-SCIENCES-5-FW WLS-RESNET-9WLS-RESNET-9

DC&CLIENT-SVC-90DC&CLIENT-SVC-90 INFOBLOX-2INFOBLOX-2 PLANT-SCIENCES-6-DMZPLANT-SCIENCES-6-DMZ WLS-UNMANAGED-1WLS-UNMANAGED-1

DC&CLIENT-SVC-91DC&CLIENT-SVC-91 INST-T-DYNAM-1INST-T-DYNAM-1 PLANT-SCIENCES-6-FWPLANT-SCIENCES-6-FW WOMENS-CNTR-1-FWWOMENS-CNTR-1-FW

DC&CLIENT-SVC-92DC&CLIENT-SVC-92 INST-TRNS-ST-1INST-TRNS-ST-1 PLANT-SCIENCES-8-DMZPLANT-SCIENCES-8-DMZ XRAY-1XRAY-1

DC&CLIENT-SVC-93DC&CLIENT-SVC-93 INST-TRNS-ST-2-DMZINST-TRNS-ST-2-DMZ PLANT-SCIENCES-8-FWPLANT-SCIENCES-8-FW Other VLANOther VLAN

DC&CLIENT-SVC-94DC&CLIENT-SVC-94

Q27.Q27. If you chose "Other VLAN" in the previous question please give details.

This question was not displayed to the respondent.

Q121.Q121. If you chose "Cloud services" in the previous question please give details.


Q122.Q122.If you chose "Individual machine" in the previous question please provide the MAC address for theindividual machine the survey is being filled out for.


Q16.Q16.Who is the CISO is of U.C. Davis?Who is the CISO is of U.C. Davis?

Q17.Q17.Who is the Privacy Officer for U.C. Davis?Who is the Privacy Officer for U.C. Davis?

Q18.Q18.How would you contact the information security group if you needed to reach them? How would you contact the information security group if you needed to reach them?

Q15.Q15. We’d like to ask a few awareness questions—it’s OK if you don’t know the answers. Your honest We’d like to ask a few awareness questions—it’s OK if you don’t know the answers. Your honestresponse will help us understand how visible these positions are to the campus.response will help us understand how visible these positions are to the campus.

Q19.Q19.Main Survey Main Survey

YesYes

NoNo

Q20.Q20. ISO 5 Information security: 1) In the last year, has your unit engaged in a risk assessment from an external source or on your own?

Yes, and it is based on a risk assessment that the unit went throughYes, and it is based on a risk assessment that the unit went through

Yes, and it is not based on a risk assessmentYes, and it is not based on a risk assessment

NoNo

Q21.Q21.2) In the last two years, has your unit developed an information security plan?

YesYes

NoNo

Q22.Q22.3) Does your unit house a system or provide a service that is critical to the business of other campus departments (i.e.,Banner, Pre-Purchasing, etc.)?

Q23.Q23.3b) If you chose yes for question 3 please give details. Question 3 was, "Does your unit house a system orprovide a service that is critical to the business of other campus departments (i.e.,Banner, Pre-Purchasing, etc.)?"


YesYes

NoNo

Q24.Q24.ISO 6 Organization of information security4) Does an individual in your unit have information security responsibility included in his/her job description?

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q25.Q25.5) What percentage of the technical staff have information security responsibility included in their job descriptions?

00

1-101-10

11-2011-20

>20>20

Q26.Q26.6) Of the faculty and staff that you support, how many have telecommuted on at least one occasion?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q28.Q28.7) If you answered one or more, what percentage used non-university-owned devices? (I.e., a personal or homecomputer not managed and maintained by the university.)

YesYes

NoNo

Q29.Q29.8) Does your unit have an official telecommuting policy?

YesYes

NoNo

Q30.Q30.9) Does your department allow personally owned computing devices to connect to internal networks (i.e., using personalphone or laptop to connect to a departmental file server)?

YesYes

NoNo

Q31.Q31.10) Does your department have a way to keep track of non-authorized, or non-UC Davis owned devices that connect toyour departmental network (i.e. through VPN access logs)?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

Q32.Q32.11) If you answered yes to question 10, then within the last year, of the devices that connected to your internal network,what percentage are unmanaged devices (i.e., personal laptops, tablets, etc.)?

90-95%90-95%

96-100%96-100%

1-50%1-50%

Done before they start workDone before they start work

1-2 Days1-2 Days

3-4 Days3-4 Days

5-7 Days5-7 Days

8 or more Days8 or more Days

Q33.Q33.ISO 7 Human resource security12) What is the average time it takes to onboard a new employee into your unit, (i.e., granting them access to campusand departmental systems, and equipping them to work)?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q34.Q34.13) What percentage of IT employees have background checks before or upon starting work?

UnknownUnknown

0-50%0-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q35.Q35.14) What percentage of non-IT employees have background checks before or upon starting work?

Q36.Q36.15) Are security guidelines/responsibilities documented and discussed with all employees (i.e., in department policy orprocedural manual, in their job description, etc.)?

YesYes

NoNo

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q37.Q37.16) What percentage of employees participate in cyber security training, including awareness training?

Never or rarelyNever or rarely

At least once in the last three yearsAt least once in the last three years

1-2 times a year�1-2 times a year�

More than 2 times a yearMore than 2 times a year

Q38.Q38.17) On average, how often do non-IT employees within your department/unit receive technical training to improve theirskills, or awareness training to increase their knowledge?


At least once in the last three yearsAt least once in the last three years

1-2 times a year�1-2 times a year�

More than 2 times a yearMore than 2 times a year

Q39.Q39.18) On average, how often does the technical staff (i.e. developers, sysadmins, etc.) in your department receive technicaltraining concerning best practices in their area of expertise? (I.e., developers/OWSP or sysadmins/system hardening)

DayDay

Week�Week�

Month�Month�

Year�Year�

Q40.Q40. 19) When an employee leaves your department, how long (on average) does it take to revoke his/her access rightsto systems that have sensitive data?

Do not knowDo not know

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q41.Q41.ISO 8 Asset management:20) What percentage of university-owned devices with the ability to store information (i.e. computers, printers, phones)are tracked within an inventory system?

YesYes

NoNo

Q42.Q42.21) Does your department/unit have a formal written document that employees are required to sign, advising them oftheir responsibilities for equipment assigned to them?

0%0%

1-10%1-10%

11-25%11-25%

26-50%26-50%

>50%>50%

Q43.Q43.22) If yes, what percentage of employees have not sign the document?

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q44.Q44.23) Think of all the computing equipment used by people in your department (i.e. laptop, desktop, hard drive, tape drive,etc.). If the equipment were stolen, would you be able to assess whether it contained personal information? Please choosethe percentage that best fits your situation, as in, I could know XX-XX percent of the time whether the stolen itemcontained personal information.

1-50%1-50%

Very low or noneVery low or none

Low�Low�

Medium�Medium�

HighHigh

Very highVery high

Q45.Q45.24) For Question 23, with what degree of accuracy could you make that assessment about a stolen piece of equipment?

None of the devices in this unit contains this dataNone of the devices in this unit contains this data

UnknownUnknown

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q46.Q46.25) What percentage of university-owned devices in your area store student data information?


UnknownUnknown

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q47.Q47.26) What percentage of devices store information that might be considered to be health Information or data?


UnknownUnknown

Q48.Q48.27) What percentage of systems contain credit card information (not counting the information an individual keeps forher/his own credit card)?

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%


UnknownUnknown

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q49.Q49.28) What percentage of systems store PII , excluding personal tax and PII that a normal user keeps on his/her machine?


UnknownUnknown

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q50.Q50.29) Within the last year, what percentage of devices (laptops, desktops, servers, etc.) have been scanned for sensitivedata (e.g. Social Security numbers, FERPA, HIPPA, PCI data)?

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

There are no critical systemsThere are no critical systems

1-50%1-50%

Q51.Q51.30) Within the last year, what percentage of your department’s critical systems have been scanned for sensitive data(e.g., Social Security numbers, FERPA, HIPPA, PCI data)?

We do not scanWe do not scan

Manual process (i.e., a questionnaire)Manual process (i.e., a questionnaire)

Identity Finder (license provided by campus)Identity Finder (license provided by campus)

Identity Finder (other license)Identity Finder (other license)

App/Scripts developed within the departmentApp/Scripts developed within the department

OtherOther

Q52.Q52.31) What primary tool do you use for scanning for sensitive data?

Q53.Q53. 31b) If you answered "Other" for question 31 please give details. Question 31 was,"What primary tool do you use for scanning for sensitive data?"


DailyDaily

Weekly�Weekly�

MonthlyMonthly

Yearly�Yearly�

When necessaryWhen necessary


Q54.Q54.32) If you scan, how frequently?

No growth�No growth�

1-10% growth1-10% growth



>50% growth>50% growth

Q55.Q55.33) Over the last 24 months, what is the growth of cloud adoption within your departmentor unit?

Q56.Q56.34) Over the next two to five years, what is the projected growth of cloud adoption within your department or unit?

No growth�No growth�




>50% growth>50% growth

DailyDaily

Weekly�Weekly�

MonthlyMonthly

Yearly�Yearly�

When necessaryWhen necessary


Q57.Q57.ISO 9 Access control35) How often are user permissions reviewed for your critical systems?

NeverNever

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q58.Q58.36) When employees’ roles or positions change, what percentage of the time are their permissions reviewed?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q59.Q59.37) What percentage of your critical systems that your unit provides require multi-factor authentication?

Q60.Q60.

Yes, for all employeesYes, for all employees

Yes, for a subset of employeesYes, for a subset of employees

NoNo

Q60.Q60.38) Does your department/unit use a department-wide password management system (i.e. Lastpass)?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q61.Q61.39) In the last two years, please estimate the percentage of your critical systems for which your department/unit hasaudited the user accounts.

No user accounts were invalidNo user accounts were invalid

1-5%1-5%

6-10%6-10%

11-20%11-20%

>20%>20%

UnknownUnknown

Q62.Q62.40) If you answered something other than “none” for question 39: When last checked, what percentage of user accountswere invalid, i.e. they were active with permissions for employees who no longer work at UC Davis, and had noextenuating circumstances justifying an active account, or system calls with outdated account?

(Question 39 was: "In the last two years, please estimate the percentage of your criticalsystems for which your department/unit has audited the user accounts.")

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q63.Q63.ISO 10 Cryptography41) What percentage of university-owned mobile devices in your area (i.e. laptops, tablets, phones) use full-diskencryption?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q64.Q64.42) What percentage of university-owned desktops in your area use full-disk encryption?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q65.Q65.43) What percentage of file shares and other file storage devices/services are encrypted?

YesYes

NoNo

Q66.Q66.44) Does your department have a documented encryption key management process?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q67.Q67.ISO 11 Physical and environmental security45) What percentage of machines that are critical to your department’s infrastructure, or that retain sensitive data, are inrestricted locations? (E.g., a locked server room, or locked research lab, with controls to monitor access.)

YesYes

NoNo

Q68.Q68.46) Does your department/unit have a documented procedure for disposing of computer storage devices?

NoneNone

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q69.Q69.47) What percentage of workstations in your area are secured with cables and locks?

YesYes

NoNo

Q70.Q70.48) Do you have a documented locked screen policy? e.g. the computer will auto lock the screen after so many minutesof not being used.

Q71.Q71.49) If yes to 48: What percentage of users generally follow it? Question 48 was, "Do you have a documentedlocked screen policy? e.g. the computer will auto lock the screen after so many minutesof not being used."


UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

Q72.Q72.ISO 12 Operations security50) In your environment, what percentage of your infrastructure is monitored to provide instant status (i.e., of the healthof your network and the devices on it)?

96-100%96-100%

1-50%1-50%

Yes, but only some services has separate environmentsYes, but only some services has separate environments

Yes, all unique environments are separated from each other to writeYes, all unique environments are separated from each other to write

NoNo

Does not applyDoes not apply

Q73.Q73.51) Are your development, testing, and production environments separated from each other?

Q74.Q74. 51b) If you answered "Does not apply" for question 51 please give details. Question51 was, "Are your development, testing, and production environments separated fromeach other? "


UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q75.Q75.52) What percentage of the Windows-based operating systems have antivirus software?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q76.Q76.53) What percentage of the Mac-based operating systems have antivirus software?

We do not have a central or enterprise console.We do not have a central or enterprise console.

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q77.Q77.54) For the devices that have antivirus software installed, what percentage is managed through a central or enterpriseconsole?

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q78.Q78.55) What percentage of servers is routinely backed up?

At least weeklyAt least weekly

At least monthlyAt least monthly

At least every other monthAt least every other month

At least twice a yearAt least twice a year

At least yearlyAt least yearly

Backups are not really checkedBackups are not really checked

Q79.Q79.56) On average, how often are backups tested for critical servers (i.e. fileserver)?

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

Q80.Q80.57) What percentage of end-user devices are equipped with backup software?

96-100%96-100%

1-50%1-50%

0%0%

96-100%96-100%

1-50%1-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

Q81.Q81.58) What percentage of backups that are managed by the department IT staff, i.e. not cloud storage and notpersonal external hard drives, stored separately from the rest of the network, i.e. tape/HD stored offsite?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q82.Q82.59) What percentage of your IT systems are set up to generate logs with relevant data ?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q83.Q83.60) What percentage of critical devices (i.e. servers and/or computers with highly sensitive data) are set up to activelycollect logs that are monitored either manually or through a SIEM or other alerting tool/service?

Q84.Q84.61) How often does your department or unit analyze logs to detect anomalies?

ContinuouslyContinuously

DailyDaily

WeeklyWeekly

RarelyRarely

NeverNever

DayDay

Week�Week�

Month�Month�

Year�Year�

Do not knowDo not know

Q85.Q85.62) On average, how long are logs retained for systems your department deems critical (i.e. AD Server, File server, etc.)?

Q86.Q86.63) Do you send logs to an alerting service?

Yes, to the UC Davis SIEM tool (managed by IET)Yes, to the UC Davis SIEM tool (managed by IET) Although the department has logs, they are not evaluatedAlthough the department has logs, they are not evaluatedregularlyregularly

Yes, to a monitoring service, i.e. Alert LogicYes, to a monitoring service, i.e. Alert Logic Our unit/department does not have logsOur unit/department does not have logs

Although department has logs, they are evaluated or monitoredAlthough department has logs, they are evaluated or monitoredinternally (i.e. alerting scripts, daily review process of criticalinternally (i.e. alerting scripts, daily review process of criticallogs, etc.)logs, etc.)

OtherOther

Q137.Q137. 63b) If you answered "Other" for question 63 please give details. Question 63 was "Do yousend logs to an alerting service?


UnknownUnknown

0%0%

26-50%26-50%

51-75%51-75%

76-100%76-100%

1-25%1-25%

Q87.Q87.64) What percentage of users operate with administrative privileges?

UnknownUnknown

0%0%

26-50%26-50%

51-75%51-75%

76-100%76-100%

1-25%1-25%

Q88.Q88.65) What percentage of university-owned devices are not managed by the IT Department? e.g. A research lab desktopthat the P.I. has administrative privileges, but the IT Department does not.

Q89.Q89.66) What is the primary method that your unit uses to patch end-point devices?

On an individual basis (Sneaker Net)On an individual basis (Sneaker Net) Puppet�Puppet�

Turning on “auto update” on for all software with thatTurning on “auto update” on for all software with thatfunctionality�functionality� WSUSWSUS

Automated custom scripts (i.e. Perl, Python, AppleScript, etc.)Automated custom scripts (i.e. Perl, Python, AppleScript, etc.) OtherOther

IBM BigfixIBM Bigfix SCCMSCCM

Q90.Q90. 66b) If you answered "Other" for question 66 please give details. (Question 66 was,"What is the primary method that your unit uses to patch end-point devices?"


Q91.Q91. 67) What is the primary method that your unit uses to patch third-party software on end- point devices?





Q92.Q92. 67b) If you answered "Other" for question 67 please give details. Question 67 was,"What is the primary method that your unit uses to patch third-party software on end-point devices?"


Q93.Q93.68) What is the primary method that your unit uses to patch servers?





Q94.Q94. 68b) If you answered "Other" for question 68 please give details. Question 68 was,"What is the primary method that your unit uses to patch servers?"


UnknownUnknown

0-50%0-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q95.Q95.69) What percentage of devices are up to date with all required patches?

YesYes

NoNo

Q96.Q96.ISO 13 Communications security70) Does your department/unit have a policy on securely sharing files?

Q97.Q97. 71) What method does your department use to securely share files?

File share server, with documented processes in place to shareFile share server, with documented processes in place to sharesecurelysecurely Other on-premises toolOther on-premises tool

Box, with documented processes in place to share securelyBox, with documented processes in place to share securely Other cloud-based toolOther cloud-based tool

OneDrive (cloud SharePoint), with documented processes inOneDrive (cloud SharePoint), with documented processes inplace to share securelyplace to share securely

Use one or more tools, but no documented process to shareUse one or more tools, but no documented process to sharesecurelysecurely

Google Drive, with documented processes in place to shareGoogle Drive, with documented processes in place to sharesecurelysecurely

Q98.Q98. 71b) If you answered "Other cloud-based tool" for question 71 please give details.Question 71 was, "What method does your department use to securely share files?"


YesYes

NoNo

Q99.Q99.72) Does your department have guidelines or documented processes to govern electronic messaging?

0%0%

26-50%26-50%

51-75%51-75%

76-100%76-100%

1-25%1-25%

Q100.Q100.ISO 14 System acquisition, development and maintenance:73) Of the applications that you support, what percentage process secure information ?

YesYes

NoNo

Q101.Q101.74) Does your department/unit have a documented secure application development policy or “good practice” guide?

00

11

2-32-3

4-54-5

>5>5

Q102.Q102.75) In the last year, have you experienced disclosure of sensitive data within test environments?

YesYes

NoNo

Q103.Q103.ISO 15 Supplier relationships:76) Does your department/unit have a formal departmental practice/procedure in place for managing supplierrelationships?

0 times0 times

1-2 times1-2 times

3-5 times3-5 times

6-10 times6-10 times

>10 times>10 times

Q104.Q104.ISO 16 Information security incident management:77) In the last year, did your department/unit experience a major incident (i.e., a significant intrusion)?

YesYes

NoNo

Q105.Q105.78) Does your department/unit have a formal incident response plan?

0 times0 times

1-2 times1-2 times

3-5 times3-5 times

6-10 times6-10 times

>10 times>10 times

Q106.Q106.79) In the last year, how many times did your department/unit escalate an information security event to the UC DavisInformation Security team?

NeverNever

1-2 times a year1-2 times a year



Q107.Q107.80) In your department/unit, how often are security weaknesses reported from people, that are not IT Staff?

>10 times a year>10 times a year

YesYes

NoNo

Q108.Q108.81) In your department/unit, is there a notification procedure for employees on security events or weaknesses?

UnknownUnknown

0%0%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

1-50%1-50%

Q109.Q109.82) What percentage of the time are security procedures reviewed after events or weaknesses are reported?

Yes, but have not updated it in the last yearYes, but have not updated it in the last year

Yes, and it was done or has been updated in the last yearYes, and it was done or has been updated in the last year

NoNo

Q110.Q110.ISO 17 Information security aspects of business continuity management: 83) To your knowledge, has your department/unit participated in the systemwide continuity-planning program, throughthe use of the UC Ready tool?

Yes, but have not updated it in the last yearYes, but have not updated it in the last year

Yes, and it was done or has been updated in the last yearYes, and it was done or has been updated in the last year

NoNo

Q111.Q111.84) Has your department/unit developed a continuity plan, not including the UC Ready tool?

Q112.Q112.ISO 18 Compliance:85) In your department/unit, which standards or regulatory requirements would cost the department the most ifcompliance is not met?

Student data (FERPA)Student data (FERPA)

Health or medical data (HIPAA like data)Health or medical data (HIPAA like data)

Credit card data (PCI-DSS)Credit card data (PCI-DSS)

UC Davis cybersafety policyUC Davis cybersafety policy

Intellectual PropertyIntellectual Property

OthersOthers

Q116.Q116.85b) If you answered "Other" for question 85 please give details. Question 85 was, "Inyour department/unit, which standards or regulatory requirements would cost thedepartment the most if compliance is not met?"


0-50%0-50%

51-79%51-79%

80-89%80-89%

90-95%90-95%

96-100%96-100%

Q113.Q113.86) For the above, what is your confidence level that the department/unit complies with applicable standards andregulatory requirements?

Staffing (resources)Staffing (resources)

Processes (training)Processes (training)

Technologies (tools)Technologies (tools)

DocumentationDocumentation

OtherOther

Organizational Resistance to ChangeOrganizational Resistance to Change

Q114.Q114.87) In your department/unit, what area is the primary constraint on the ability to implement standards or regulatoryrequirements?

Q117.Q117.87b) If you answered "Other" for question 87 please give details. Question 87 was, "Inyour department/unit, what area is the primary constraint on the ability to implementstandards or regulatory requirements?"

Q120.Q120.90) How many funds has your unit/department/college budgeted only to be used in case of a data breach?90) How many funds has your unit/department/college budgeted only to be used in case of a data breach?

standards or regulatory requirements?"


Less than a year agoLess than a year ago

Within 1-2 yearsWithin 1-2 years

Within 2-3 yearsWithin 2-3 years

More than 3 yearsMore than 3 years

NeverNever

Q115.Q115.88) When was the last time an audit was performed by someone outside of your department/unit to assess yourcompliance?

Risk assessmentRisk assessment

Penetration testingPenetration testing

Incident responseIncident response

TrainingTraining

OtherOther

Q118.Q118.89) In your department/unit, which of the following services would do the most to help you increase your compliancelevel?

Q119.Q119.89b) If you answered "Other" for question 89 please give details. Question 89 was, "Inyour department/unit, which of the following services would do the most to help youincrease your compliance level?"


Q130.Q130.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campus





must either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.










Q123.Q123.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.











Location Data

Location: (38.482894897461, -121.63980102539)

Source: GeoIP Estimation


https://maps.google.com/?q=38.482894897461,-121.63980102539

https://maps.google.com/?q=38.482894897461,-121.63980102539

introduction - university of california, davis. name of person completing report: q4. name of...

Documents