Effective Date: October 1, 2012-September 30, 2013

Approved By: Rosio Alvarez, Chief Information Officer

1.0 Introduction

The LBNL Cyber Security Assurance Plan is designed to ensure that LBNL cyber security systems are effective, meet contractual requirements, and support the LBNL mission. LBNL establishes, with the Department of Energy (DOE), an understanding of acceptable risk and develops and tailors controls in an ongoing way to meet this standard. LBNL develops and implements the appropriate controls and provides, for itself, assurance that the system is functioning as intended. This Plan describes the Cyber Security assurance mechanisms that inform management whether controls are working as designed and whether the set of controls is appropriately protecting the institution. Implementing this Plan drives performance improvement by self-identifying, preventing, and correcting issues. These assurance mechanisms will be used to demonstrate to DOE, the University of California (UC), and LBNL management that the cyber security mechanisms themselves are adequate to reduce risk to the agreed-upon level, and that controls are functioning as intended.

...

| Assessment Title | Schedule | Performed By |
|---|---|---|
| Authorizing System Assessments | Was triennial, moving to continuous authorization | Office of the CIO/Cyber Security Program/External Assessors |
| Peer Review | Every 3-5 years, last assessed in June 2010 | Similar institutions |
| Data Security of Outsourced Applications | Per IAS Audit Plan | LBNL Internal Audit Services |
| DOE Financial Statement Audit* | LBNL was selected for FY12. Audit conducted in June 2012. | DOE Inspector General using KPMG |
| DOE Federal Information Security Act (FISMA) Audit* | LBNL was selected for FY12. Audit conducted in June 2012. | DOE Inspector General using KPMG |
| DOE IT Vulnerability Assessment* | LBNL was selected for FY12. Audit conducted in June 2012. | DOE Inspector General using KPMG |
| DOE Cyber Security Incident Management Program* | LBNL was selected for FY12. Audit conducted in April 2012. | DOE Inspector General |
| Berkeley Site Office Oversight Activities* | Varies | BSO |
| DOE-HSS Oversight Activities* | Varies | DOE-HSS |
| LBNL Internal Audit Services | Per IAS Audit Plan | LBNL Internal Audit Services |
| Management Controls and Compliance Program | Completed by 7/1 (At discretion of OCFO, subset of controls related to IT operations) | LBNL CF |
| Self-Assessment Risk Assessment | Annually by 10/1 | Office of the CIO/Cyber Security Program |
| UC Self-Assessment | Annually by 10/1 (when required by UC) | Office of the CIO/Cyber Security Program |

*Assessment occurs at the discretion of oversight entity.