Upload
vuongquynh
View
214
Download
0
Embed Size (px)
Citation preview
Q3.Q3.Name of person completing report:Name of person completing report:
Q4.Q4.Name of supervisor or direct manager:Name of supervisor or direct manager:
Q1.Q1.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.
The UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andThe UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andimproved with a change in approach. The 2015 survey:improved with a change in approach. The 2015 survey:
Introduces ISO security standards as the framework for assessing security compliance. This alignsIntroduces ISO security standards as the framework for assessing security compliance. This alignswith UC Office of the President efforts to rewrite University of California Information Security Policy ISwith UC Office of the President efforts to rewrite University of California Information Security Policy IS3 so that it mirrors ISO 27001 and 27002 Security criteria.3 so that it mirrors ISO 27001 and 27002 Security criteria.Moves away from simple yes/no answers, to more nuanced questions that will provide higher qualityMoves away from simple yes/no answers, to more nuanced questions that will provide higher qualitydata and a more accurate overall picture.data and a more accurate overall picture.
The safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyThe safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyappreciates your candid participation in this survey. As technical professionals, you know how importantappreciates your candid participation in this survey. As technical professionals, you know how importantbest practices are to security administration. This survey, and the results it obtains, reinforce thosebest practices are to security administration. This survey, and the results it obtains, reinforce thosestandards.standards.
Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Therefore, we (the Information Security group) are looking for the best possible answers, not for perfect orTherefore, we (the Information Security group) are looking for the best possible answers, not for perfect orexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to beexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to becorrect. If there is no hard data for a particular question, then please answer with your best guess.correct. If there is no hard data for a particular question, then please answer with your best guess.
We are seeking insight into how the campus operates, and giving us your best possible answers will help usWe are seeking insight into how the campus operates, and giving us your best possible answers will help us1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our services1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our servicesto help reduce that risk.to help reduce that risk.
Your responses will help us understand our collective progress and shed light on our shared challenges.Your responses will help us understand our collective progress and shed light on our shared challenges.Thank you in advance for thoughtfully participating in this critical survey.Thank you in advance for thoughtfully participating in this critical survey.
Q2.Q2.Pre-Survey QuestionsPre-Survey QuestionsThese pre-survey questions will help us understand and respond to survey findings. We appreciateThese pre-survey questions will help us understand and respond to survey findings. We appreciateyour willingness to provide us with the following information. your willingness to provide us with the following information.
Q5.Q5.Email AddressEmail Address
Q6.Q6.Phone Number Phone Number
Q8.Q8. Name of Unit/Department (include sub-units if appropriate) Name of Unit/Department (include sub-units if appropriate)
Q10.Q10.How many FTE with in the units that this survey covers? How many FTE with in the units that this survey covers?
Q7.Q7. Name of College, Professional School, Administrative Unit: Name of College, Professional School, Administrative Unit:
Q9.Q9.Population of users supported in survey response (check all that apply)
FacultyFaculty StudentsStudents
StaffStaff
Q11.Q11.Please list the VLAN names represented in your survey response? If this survey includes other sources, i.e.cloud services, or an individual machine, please choose other and explain. If it is for an individual machineplease include the MAC address.
Cloud servicesCloud services DC&CLIENT-SVC-95DC&CLIENT-SVC-95 INST-TRNS-ST-2-FWINST-TRNS-ST-2-FW PLANT-SCIENCES-9-DMZPLANT-SCIENCES-9-DMZ
Individual machineIndividual machine DC-COLO-1-DMZDC-COLO-1-DMZ INTERNAL-AUD-1-DMZINTERNAL-AUD-1-DMZ PLANT-SCIENCES-9-FWPLANT-SCIENCES-9-FW
ACAD-PREP-PROG-1-DMZACAD-PREP-PROG-1-DMZ DC-COLO-1-FWDC-COLO-1-FW INTERNAL-AUD-1-FWINTERNAL-AUD-1-FW POLICE-1POLICE-1
ACAD-PREP-PROG-1-FWACAD-PREP-PROG-1-FW DC-NOC-VM-1-DMZDC-NOC-VM-1-DMZ INTGRTD-STDS-1INTGRTD-STDS-1 POLICE-3-FWPOLICE-3-FW
ACTG&FINAC-1-DMZACTG&FINAC-1-DMZ DC-PRIVATE-DISTR-RCVRYDC-PRIVATE-DISTR-RCVRY INTRCOL-ATHL-1-FWINTRCOL-ATHL-1-FW POLICE-4-FWPOLICE-4-FW
ACTG&FINAC-1-FWACTG&FINAC-1-FW DC-PRIVATE-PRIMARYDC-PRIVATE-PRIMARY INTRCOL-ATHL-2INTRCOL-ATHL-2 POLICE-911-DMZPOLICE-911-DMZ
ACTG&FINAC-2-DMZACTG&FINAC-2-DMZ DEAN-AG-1-DMZDEAN-AG-1-DMZ INTRCOL-ATHL-3-FWINTRCOL-ATHL-3-FW POLIT-SCI-1-DMZPOLIT-SCI-1-DMZ
ACTG&FINAC-2-FWACTG&FINAC-2-FW DEAN-AG-1-FWDEAN-AG-1-FW INTRCOL-ATHL-4-DMZINTRCOL-ATHL-4-DMZ POLIT-SCI-1-FWPOLIT-SCI-1-FW
ACTG&FINAC-3-DMZACTG&FINAC-3-DMZ DEAN-AG-2-DMZDEAN-AG-2-DMZ INTRN&CR-CTR-1-2-DMZINTRN&CR-CTR-1-2-DMZ PRIM-RES-CTR-1-3-DMZPRIM-RES-CTR-1-3-DMZ
ACTG&FINAC-3-FWACTG&FINAC-3-FW DEAN-AG-2-FWDEAN-AG-2-FW INTRN&CR-CTR-1-FWINTRN&CR-CTR-1-FW PRIM-RES-CTR-1-FWPRIM-RES-CTR-1-FW
ACTG&FINAC-5-FWACTG&FINAC-5-FW DEAN-AG-3-FWDEAN-AG-3-FW INTRN&CR-CTR-2-FWINTRN&CR-CTR-2-FW PRIM-RES-CTR-2-FWPRIM-RES-CTR-2-FW
ACTG&FINAC-6-FWACTG&FINAC-6-FW DEAN-AG-4-DMZDEAN-AG-4-DMZ IPM-PROJECT-1-DMZIPM-PROJECT-1-DMZ PRIM-RES-CTR-3-FWPRIM-RES-CTR-3-FW
ACTG&FINAC-7-FWACTG&FINAC-7-FW DEAN-AG-4-FWDEAN-AG-4-FW IPM-PROJECT-1-FWIPM-PROJECT-1-FW PRIM-RES-CTR-4-FWPRIM-RES-CTR-4-FW
ADMIN-&-RESRC-MGMT-1-ADMIN-&-RESRC-MGMT-1-FWFW DEAN-AG-5-DMZDEAN-AG-5-DMZ IPV6-TEST-V4IPV6-TEST-V4 PRIM-RES-CTR-5-FWPRIM-RES-CTR-5-FW
ADMIS&OUTRCH-2-FWADMIS&OUTRCH-2-FW DEAN-AG-5-FWDEAN-AG-5-FW IT-COMMUNRES-1-DMZIT-COMMUNRES-1-DMZ PRIMERO-1PRIMERO-1
ADMISSIONS-1-FWADMISSIONS-1-FW DEAN-AG-6-DMZDEAN-AG-6-DMZ IT-COMMUNRES-1-FWIT-COMMUNRES-1-FW PRIVATE-10PRIVATE-10
AG-ECONOMICS-1-DMZAG-ECONOMICS-1-DMZ DEAN-AG-6-FWDEAN-AG-6-FW IT-COMMUNRES-11IT-COMMUNRES-11 PRIVATE-169.254PRIVATE-169.254
AG-ECONOMICS-1-FWAG-ECONOMICS-1-FW DEAN-AG-7-FWDEAN-AG-7-FW IT-COMMUNRES-12-FWIT-COMMUNRES-12-FW PRIVATE-172.16PRIVATE-172.16
AG-HIST-CNTR-1AG-HIST-CNTR-1 DEAN-BIO-SCI-1-DMZDEAN-BIO-SCI-1-DMZ IT-COMMUNRES-13-FWIT-COMMUNRES-13-FW PRIVATE-192.168PRIVATE-192.168
AG-SERVICES-1AG-SERVICES-1 DEAN-BIO-SCI-1-FWDEAN-BIO-SCI-1-FW IT-COMMUNRES-14-HPRIT-COMMUNRES-14-HPR PROCERA-MGMT-1PROCERA-MGMT-1
ALUMNI-AFFRS-1-DMZALUMNI-AFFRS-1-DMZ DEAN-BIO-SCI-2DEAN-BIO-SCI-2 IT-COMMUNRES-15-HPRIT-COMMUNRES-15-HPR PROTEIN-STRU-1PROTEIN-STRU-1
ALUMNI-AFFRS-1-FWALUMNI-AFFRS-1-FW DEAN-ENGIN-1DEAN-ENGIN-1 IT-COMMUNRES-16-HPRIT-COMMUNRES-16-HPR PSYCHOLOGY-1-FWPSYCHOLOGY-1-FW
ALUMNI-AFFRS-2ALUMNI-AFFRS-2 DEAN-ENGIN-2DEAN-ENGIN-2 IT-COMMUNRES-17IT-COMMUNRES-17 PSYCHOLOGY-2-FWPSYCHOLOGY-2-FW
ALUMNI-AFFRS-3ALUMNI-AFFRS-3 DEAN-ENGIN-3DEAN-ENGIN-3 IT-COMMUNRES-18IT-COMMUNRES-18 PSYCHOLOGY-3-FWPSYCHOLOGY-3-FW
ANIMAL-SCI-1-DMZANIMAL-SCI-1-DMZ DEAN-ENGIN-4DEAN-ENGIN-4 IT-COMMUNRES-19IT-COMMUNRES-19 PUB-COMMUNIC-1-FWPUB-COMMUNIC-1-FW
ANIMAL-SCI-1-FWANIMAL-SCI-1-FW DEAN-ENGIN-5DEAN-ENGIN-5 IT-COMMUNRES-2-FWIT-COMMUNRES-2-FW RADIO-INTEROP-1-FWRADIO-INTEROP-1-FW
ANIMAL-SCI-2ANIMAL-SCI-2 DEAN-ENGIN-6DEAN-ENGIN-6 IT-COMMUNRES-20IT-COMMUNRES-20 REC-HALL-1REC-HALL-1
ANIMAL-SCI-2-DMZANIMAL-SCI-2-DMZ DEAN-L&S-1-FWDEAN-L&S-1-FW IT-COMMUNRES-4-FWIT-COMMUNRES-4-FW REC-HALL-2-DMZREC-HALL-2-DMZ
ANML-RES-SVC-1-FWANML-RES-SVC-1-FW DEAN-L&S-2-FWDEAN-L&S-2-FW IT-COMMUNRES-8-FWIT-COMMUNRES-8-FW REC-HALL-2-FWREC-HALL-2-FW
ANR-1-DMZANR-1-DMZ DEAN-L&S-4-FWDEAN-L&S-4-FW IT-CRETV-2-3-DMZIT-CRETV-2-3-DMZ REC-HALL-3REC-HALL-3
ANR-1-FWANR-1-FW DEAN-L&S-6DEAN-L&S-6 IT-CRETV-2-FWIT-CRETV-2-FW REC-HALL-4REC-HALL-4
ANTHROPOLOGY-1-FWANTHROPOLOGY-1-FW DEAN-L&S-7-DMZDEAN-L&S-7-DMZ IT-CRETV-3-FWIT-CRETV-3-FW REGAN-1REGAN-1
ARCH-&-ENGR-1-DMZARCH-&-ENGR-1-DMZ DEAN-L&S-7-FWDEAN-L&S-7-FW IT-CRETV-COM-1-DMZIT-CRETV-COM-1-DMZ REGISTRAR-1-FWREGISTRAR-1-FW
ARCH-&-ENGR-1-FWARCH-&-ENGR-1-FW DEAN-L&S-DMZDEAN-L&S-DMZ IT-CRETV-COM-1-FWIT-CRETV-COM-1-FW REGISTRAR-1-VPNREGISTRAR-1-VPN
ARCH-&-ENGR-2ARCH-&-ENGR-2 DEAN-MED-ADM-1-FWDEAN-MED-ADM-1-FW IT-DSCMP-A&S-1-FWIT-DSCMP-A&S-1-FW REGISTRAR-2-FWREGISTRAR-2-FW
ARM-ALARMS-1-FWARM-ALARMS-1-FW DEAN-MED-ADM-10-FWDEAN-MED-ADM-10-FW IT-DSCMP-A&S-2-FWIT-DSCMP-A&S-2-FW RES-MGMT&PLNG-1RES-MGMT&PLNG-1
ART-1-3-DMZART-1-3-DMZ DEAN-MED-ADM-12-FWDEAN-MED-ADM-12-FW IT-INFO-RES-1IT-INFO-RES-1 RSVDRSVD
ART-1-FWART-1-FW DEAN-MED-ADM-13-FWDEAN-MED-ADM-13-FW IT-INFO-RES-10IT-INFO-RES-10 SAFETY-SVCS-1-DMZSAFETY-SVCS-1-DMZ
ART-2-FWART-2-FW DEAN-MED-ADM-14-FWDEAN-MED-ADM-14-FW IT-INFO-RES-11IT-INFO-RES-11 SAFETY-SVCS-1-FWSAFETY-SVCS-1-FW
ART-3-FWART-3-FW DEAN-MED-ADM-15-FWDEAN-MED-ADM-15-FW IT-INFO-RES-12IT-INFO-RES-12 SEG-ALDER-1SEG-ALDER-1
ASUCD-1-DMZASUCD-1-DMZ DEAN-MED-ADM-2-FWDEAN-MED-ADM-2-FW IT-INFO-RES-14IT-INFO-RES-14 SEG-MILLER-1SEG-MILLER-1
ASUCD-1-FWASUCD-1-FW DEAN-MED-ADM-3-FWDEAN-MED-ADM-3-FW IT-INFO-RES-15IT-INFO-RES-15 SEG-THOMPSON-1SEG-THOMPSON-1
AVC-ENRLMT-SVCS-1-DMZAVC-ENRLMT-SVCS-1-DMZ DEAN-MED-ADM-4-FWDEAN-MED-ADM-4-FW IT-INFO-RES-16IT-INFO-RES-16 SEGUNDO-1SEGUNDO-1
AVC-ENRLMT-SVCS-1-FWAVC-ENRLMT-SVCS-1-FW DEAN-MED-ADM-5-DMZDEAN-MED-ADM-5-DMZ IT-INFO-RES-17-FWIT-INFO-RES-17-FW SEGUNDO-2SEGUNDO-2
BFTV-1-DMZBFTV-1-DMZ DEAN-MED-ADM-5-FWDEAN-MED-ADM-5-FW IT-INFO-RES-18IT-INFO-RES-18 SHRD-SVC-CTR-1-FWSHRD-SVC-CTR-1-FW
BFTV-1-FWBFTV-1-FW DEAN-MED-ADM-6-FWDEAN-MED-ADM-6-FW IT-INFO-RES-19-20-DMZIT-INFO-RES-19-20-DMZ SIP-1SIP-1
BGI-UCDHS-1BGI-UCDHS-1 DEAN-MED-ADM-7-FWDEAN-MED-ADM-7-FW IT-INFO-RES-19-FWIT-INFO-RES-19-FW SIP-2SIP-2
BIO-SCI-1-DMZBIO-SCI-1-DMZ DEAN-MED-ADM-8-FWDEAN-MED-ADM-8-FW IT-INFO-RES-20-FWIT-INFO-RES-20-FW SIP-DMZSIP-DMZ
BOOKSTORE-1-DMZBOOKSTORE-1-DMZ DEAN-MED-ADM-9-FWDEAN-MED-ADM-9-FW IT-INFO-RES-21-VPNIT-INFO-RES-21-VPN SM-RUM-CRSP-1SM-RUM-CRSP-1
BOOKSTORE-1-FWBOOKSTORE-1-FW DEAN-VETMED-1-DMZDEAN-VETMED-1-DMZ IT-INFO-RES-25IT-INFO-RES-25 SOC-SCI-ADM-1-FWSOC-SCI-ADM-1-FW
BOOKSTORE-2BOOKSTORE-2 DEAN-VETMED-1-FWDEAN-VETMED-1-FW IT-INFO-RES-26-FWIT-INFO-RES-26-FW SOC-SCI-DSS-1-DMZSOC-SCI-DSS-1-DMZ
BOOKSTORE-2-DMZBOOKSTORE-2-DMZ DEAN-VETMED-2-DMZDEAN-VETMED-2-DMZ IT-INFO-RES-9IT-INFO-RES-9 SOC-SCI-DSS-1-FWSOC-SCI-DSS-1-FW
CABA-1CABA-1 DEAN-VETMED-2-FWDEAN-VETMED-2-FW JMIE-1JMIE-1 SOC-SCI-DSS-2-FWSOC-SCI-DSS-2-FW
CAES-1-FWCAES-1-FW DEAN-VETMED-3-FWDEAN-VETMED-3-FW JMIE-5JMIE-5 SOC-SCI-DSS-3-FWSOC-SCI-DSS-3-FW
CAFF-1CAFF-1 DEAN-VETMED-5-DMZDEAN-VETMED-5-DMZ KK-1KK-1 SOC-SCI-DSS-4-FWSOC-SCI-DSS-4-FW
CALREN2OOBCALREN2OOB DESIGN-1-FWDESIGN-1-FW KK-2KK-2 SOCIOLOGY-1-FWSOCIOLOGY-1-FW
CALSPACE-CNTR-1CALSPACE-CNTR-1 DESIGN-2-FWDESIGN-2-FW KM-1-DMZKM-1-DMZ SOLANO-1SOLANO-1
CALSPACE-CNTR-2CALSPACE-CNTR-2 DESIGN-4-VPNDESIGN-4-VPN KM-1-FWKM-1-FW SOLANO-2SOLANO-2
CAMPUS-EV&IN-1-DMZCAMPUS-EV&IN-1-DMZ DESIGN-LDA-DMZDESIGN-LDA-DMZ LA-RUE-1LA-RUE-1 SSL-VPN-1-DMZSSL-VPN-1-DMZ
CAMPUS-EV&IN-1-FWCAMPUS-EV&IN-1-FW DNS-1DNS-1 LA-RUE-2LA-RUE-2 SSL-VPN-1-FWSSL-VPN-1-FW
CAMPUS-EV&IN-2-DMZCAMPUS-EV&IN-2-DMZ DNS-2DNS-2 LA-RUE-3LA-RUE-3 STAF-DEV&PRF-2-DMZSTAF-DEV&PRF-2-DMZ
CAMPUS-EV&IN-2-FWCAMPUS-EV&IN-2-FW DOE-1-DMZDOE-1-DMZ LA-RUE-4LA-RUE-4 STAF-DEV&PRF-2-FWSTAF-DEV&PRF-2-FW
CASHIER-1-DMZCASHIER-1-DMZ DOE-1-FWDOE-1-FW LANG-LIT-1-DMZLANG-LIT-1-DMZ STATISTICS-1-DMZSTATISTICS-1-DMZ
CASHIER-1-FWCASHIER-1-FW DRAMATIC-ART-1-2-DMZDRAMATIC-ART-1-2-DMZ LANG-LIT-1-FWLANG-LIT-1-FW STATISTICS-1-FWSTATISTICS-1-FW
CBST-1-FWCBST-1-FW DRAMATIC-ART-1-FWDRAMATIC-ART-1-FW LANG-LIT-2-FWLANG-LIT-2-FW STDT-JUD-AFF-1-FWSTDT-JUD-AFF-1-FW
CBST-2CBST-2 DRAMATIC-ART-2-FWDRAMATIC-ART-2-FW LANGUAGE-LAB-1-DMZLANGUAGE-LAB-1-DMZ STU-DIS-CTR-1-FWSTU-DIS-CTR-1-FW
CBST-3CBST-3 ECONOMICS-1-DMZECONOMICS-1-DMZ LANGUAGE-LAB-1-FWLANGUAGE-LAB-1-FW STU-HLTH-SVCS-1-2-DMZSTU-HLTH-SVCS-1-2-DMZ
CENIC-GATEKEEPER-1CENIC-GATEKEEPER-1 ECONOMICS-1-FWECONOMICS-1-FW LARRY-1-DMZLARRY-1-DMZ STU-HLTH-SVCS-1-FWSTU-HLTH-SVCS-1-FW
CENTRIFUGE-1-HPRCENTRIFUGE-1-HPR ECONOMICS-2-FWECONOMICS-2-FW LARRY-1-FWLARRY-1-FW STU-HLTH-SVCS-2-FWSTU-HLTH-SVCS-2-FW
CEPRAP-1-FWCEPRAP-1-FW EDUCATION-1-DMZEDUCATION-1-DMZ LARRY-1-VPNLARRY-1-VPN STU-HLTH-SVCS-8-FWSTU-HLTH-SVCS-8-FW
CFO-SERVER-1-FWCFO-SERVER-1-FW EDUCATION-1-FWEDUCATION-1-FW LAW-1-FWLAW-1-FW STUD-AFF-RES-1-DMZSTUD-AFF-RES-1-DMZ
CHANCELLOR-1-DMZCHANCELLOR-1-DMZ EDUCATION-2-FWEDUCATION-2-FW LAW-2-FWLAW-2-FW STUD-AFF-RES-1-FWSTUD-AFF-RES-1-FW
CHANCELLOR-1-FWCHANCELLOR-1-FW EMERSON-1EMERSON-1 LAW-3-DMZLAW-3-DMZ STUDENT-ACTV-1-DMZSTUDENT-ACTV-1-DMZ
CHANCELLOR-10CHANCELLOR-10 EMERSON-2EMERSON-2 LAW-3-FWLAW-3-FW STUDENT-ACTV-1-FWSTUDENT-ACTV-1-FW
CHANCELLOR-11-12-DMZCHANCELLOR-11-12-DMZ EMERSON-3EMERSON-3 LAW-4-FWLAW-4-FW STUDENT-ACTV-2STUDENT-ACTV-2
CHANCELLOR-11-FWCHANCELLOR-11-FW EMO-1-DMZEMO-1-DMZ LAWR-1-DMZLAWR-1-DMZ STUDENT-AFFRS-1-FWSTUDENT-AFFRS-1-FW
CHANCELLOR-12-FWCHANCELLOR-12-FW EMO-1-FWEMO-1-FW LAWR-1-FWLAWR-1-FW STUDENT-AFFRS-3-FWSTUDENT-AFFRS-3-FW
CHANCELLOR-2CHANCELLOR-2 EMPHLTHOAK-1EMPHLTHOAK-1 LAWR-2LAWR-2 STUDENT-AFFRS-4-DMZSTUDENT-AFFRS-4-DMZ
CHANCELLOR-3CHANCELLOR-3 ENG-AP-SCI-1ENG-AP-SCI-1 LAWR-3LAWR-3 STUDENT-AFFRS-4-FWSTUDENT-AFFRS-4-FW
CHANCELLOR-4CHANCELLOR-4 ENG-AP-SCI-2-HPRENG-AP-SCI-2-HPR LAWR-5-FWLAWR-5-FW STUDENT-AFFRS-5-FWSTUDENT-AFFRS-5-FW
CHANCELLOR-5-DMZCHANCELLOR-5-DMZ ENG-AP-SCI-3ENG-AP-SCI-3 LDA-3-FWLDA-3-FW STUDENT-AFFRS-6-FWSTUDENT-AFFRS-6-FW
CHANCELLOR-5-FWCHANCELLOR-5-FW ENG-AP-SCI-4ENG-AP-SCI-4 LEACH-1LEACH-1 STUDENT-REC-1STUDENT-REC-1
CHANCELLOR-6-FWCHANCELLOR-6-FW ENG-BIO&AG-1ENG-BIO&AG-1 LIBRARY-1-FWLIBRARY-1-FW SWITCHROOM-1SWITCHROOM-1
CHANCELLOR-DMZCHANCELLOR-DMZ ENG-BIOMED-2ENG-BIOMED-2 LIBRARY-10LIBRARY-10 TEACH-RES-CT-1-FWTEACH-RES-CT-1-FW
CHEMISTRY-1-DMZCHEMISTRY-1-DMZ ENG-BIOMED-3ENG-BIOMED-3 LIBRARY-10-FWLIBRARY-10-FW TEC-COMM-1TEC-COMM-1
CHEMISTRY-1-FWCHEMISTRY-1-FW ENG-CHEM&MAT-1ENG-CHEM&MAT-1 LIBRARY-13-FWLIBRARY-13-FW TERC-1-DMZTERC-1-DMZ
CHEMISTRY-3-FWCHEMISTRY-3-FW ENG-CHEM&MAT-2-FWENG-CHEM&MAT-2-FW LIBRARY-2-FWLIBRARY-2-FW TERC-1-FWTERC-1-FW
CLEARPASS-1CLEARPASS-1 ENG-CHEM&MAT-3-DMZENG-CHEM&MAT-3-DMZ LIBRARY-3-FWLIBRARY-3-FW TERCERO-1TERCERO-1
CO-OP-EXT-1-DMZCO-OP-EXT-1-DMZ ENG-CHEM&MAT-3-FWENG-CHEM&MAT-3-FW LIBRARY-4-FWLIBRARY-4-FW TEXT-&-CLOTH-1-DMZTEXT-&-CLOTH-1-DMZ
CO-OP-EXT-1-FWCO-OP-EXT-1-FW ENG-CIVL&ENV-1ENG-CIVL&ENV-1 LIBRARY-5-FWLIBRARY-5-FW TEXT-&-CLOTH-1-FWTEXT-&-CLOTH-1-FW
CO-OPS-1CO-OPS-1 ENG-CIVL&ENV-2ENG-CIVL&ENV-2 LIBRARY-6-FWLIBRARY-6-FW THOREAU-1THOREAU-1
COE-HPC-CLUSTERCOE-HPC-CLUSTER ENG-CIVL&ENV-3ENG-CIVL&ENV-3 LIBRARY-7-FWLIBRARY-7-FW TOXIC-SUBSTANCES-1TOXIC-SUBSTANCES-1
COE-ITSS-1-DMZCOE-ITSS-1-DMZ ENG-CIVL&ENV-4ENG-CIVL&ENV-4 LIBRARY-8LIBRARY-8 TOXIC-SUBSTANCES-1-TOXIC-SUBSTANCES-1-DMZDMZ
COE-ITSS-1-FWCOE-ITSS-1-FW ENG-CIVL&ENV-5ENG-CIVL&ENV-5 LIBRARY-9-FWLIBRARY-9-FW TRS-1TRS-1
COE-ITSS-11-FWCOE-ITSS-11-FW ENG-CIVL&ENV-6-DMZENG-CIVL&ENV-6-DMZ LIBRARY-DMZLIBRARY-DMZ U-EXTENSION-1-DMZU-EXTENSION-1-DMZ
COE-ITSS-14COE-ITSS-14 ENG-CIVL&ENV-6-FWENG-CIVL&ENV-6-FW LRN-SKLS-CTR-1-FWLRN-SKLS-CTR-1-FW U-EXTENSION-1-FWU-EXTENSION-1-FW
COE-ITSS-2-DMZCOE-ITSS-2-DMZ ENG-CIVL&ENV-8ENG-CIVL&ENV-8 M-ANESTHESIO-1-DMZM-ANESTHESIO-1-DMZ U-EXTENSION-2-DMZU-EXTENSION-2-DMZ
COE-ITSS-2-FWCOE-ITSS-2-FW ENG-CMPR-SCI-1ENG-CMPR-SCI-1 M-ANESTHESIO-1-FWM-ANESTHESIO-1-FW U-EXTENSION-2-FWU-EXTENSION-2-FW
COE-ITSS-3-DMZCOE-ITSS-3-DMZ ENG-CMPR-SCI-2ENG-CMPR-SCI-2 M-COM-HEALTH-1-2-DMZM-COM-HEALTH-1-2-DMZ U-EXTENSION-3-DMZU-EXTENSION-3-DMZ
COE-ITSS-3-FWCOE-ITSS-3-FW ENG-CMPR-SCI-3ENG-CMPR-SCI-3 M-COM-HEALTH-1-FWM-COM-HEALTH-1-FW U-EXTENSION-3-FWU-EXTENSION-3-FW
COE-ITSS-4-FWCOE-ITSS-4-FW ENG-CMPR-SCI-4ENG-CMPR-SCI-4 M-COM-HEALTH-2-FWM-COM-HEALTH-2-FW U-EXTENSION-4-DMZU-EXTENSION-4-DMZ
COE-ITSS-5-FWCOE-ITSS-5-FW ENG-CMPR-SCI-5ENG-CMPR-SCI-5 M-CURIC-SUPT-1-DMZM-CURIC-SUPT-1-DMZ U-EXTENSION-4-FWU-EXTENSION-4-FW
COE-ITSS-6-FWCOE-ITSS-6-FW ENG-CMPR-SCI-6ENG-CMPR-SCI-6 M-CURIC-SUPT-1-FWM-CURIC-SUPT-1-FW U-EXTENSION-5-DMZU-EXTENSION-5-DMZ
COE-ITSS-7-FWCOE-ITSS-7-FW ENG-CMPR-SCI-7ENG-CMPR-SCI-7 M-GEN-I&R-1M-GEN-I&R-1 U-EXTENSION-5-FWU-EXTENSION-5-FW
COE-ITSS-8-FWCOE-ITSS-8-FW ENG-CMPR-SCI-8ENG-CMPR-SCI-8 M-NEUROLOGY-1-FWM-NEUROLOGY-1-FW U-RELATIONS-1-4-DMZU-RELATIONS-1-4-DMZ
COE-ITSS-9-FWCOE-ITSS-9-FW ENG-CMPR-SCI-9ENG-CMPR-SCI-9 M-NEUROSURG-1M-NEUROSURG-1 U-RELATIONS-1-FWU-RELATIONS-1-FW
COE-ITSS-DMZCOE-ITSS-DMZ ENG-ELEC&CMP-1ENG-ELEC&CMP-1 M-NEUROSURG-2M-NEUROSURG-2 U-RELATIONS-4-FWU-RELATIONS-4-FW
COUNSELING-1-FWCOUNSELING-1-FW ENG-ELEC&CMP-2ENG-ELEC&CMP-2 M-OPTHAMOL-1M-OPTHAMOL-1 UC-LANG-CONS-1-FWUC-LANG-CONS-1-FW
CROC-NUC-LAB-1CROC-NUC-LAB-1 ENG-ELEC&CMP-3ENG-ELEC&CMP-3 M-OTOLYMGOL-1M-OTOLYMGOL-1 UCD-MNRC-1UCD-MNRC-1
CROC-NUC-LAB-2CROC-NUC-LAB-2 ENG-ELEC&CMP-4ENG-ELEC&CMP-4 M-OTOLYMGOL-2M-OTOLYMGOL-2 UCDMCUCDMC
CROC-NUC-LAB-DMZCROC-NUC-LAB-DMZ ENG-MCH&AERO-1ENG-MCH&AERO-1 M-PEDIATRICS-1M-PEDIATRICS-1 USDA-2-4-DMZUSDA-2-4-DMZ
CRU-PCI-1CRU-PCI-1 ENG-MCH&AERO-1-DMZENG-MCH&AERO-1-DMZ M-PHYS-MED-1-DMZM-PHYS-MED-1-DMZ USDA-2-FWUSDA-2-FW
CSE-WSHED-1-DMZCSE-WSHED-1-DMZ ENG-MCH&AERO-2ENG-MCH&AERO-2 M-PHYS-MED-1-FWM-PHYS-MED-1-FW USDA-3-DMZUSDA-3-DMZ
CTR-AG-ISSUE-1-FWCTR-AG-ISSUE-1-FW ENG-MCH&AERO-3ENG-MCH&AERO-3 M-PSYCHIATRY-1M-PSYCHIATRY-1 USDA-3-FWUSDA-3-FW
CTR-CMP-MED-1-FWCTR-CMP-MED-1-FW ENG-MCH&AERO-4ENG-MCH&AERO-4 M-PSYCHIATRY-2M-PSYCHIATRY-2 USDA-4-FWUSDA-4-FW
CTR-CMP-MED-2-FWCTR-CMP-MED-2-FW ENGLISH-1-DMZENGLISH-1-DMZ MATHEMATICS-1-DMZMATHEMATICS-1-DMZ USDA-5USDA-5
CTR-CMP-MED-3-FWCTR-CMP-MED-3-FW ENGLISH-1-FWENGLISH-1-FW MATHEMATICS-1-FWMATHEMATICS-1-FW VC-ADMIN-1-2-3-DMZVC-ADMIN-1-2-3-DMZ
CTR-CMP-MED-4-DMZCTR-CMP-MED-4-DMZ ENTOMOLOGY-1-DMZENTOMOLOGY-1-DMZ MCAST-HD-1MCAST-HD-1 VC-ADMIN-2-FWVC-ADMIN-2-FW
CTR-CMP-MED-4-FWCTR-CMP-MED-4-FW ENTOMOLOGY-1-FWENTOMOLOGY-1-FW MCCLELLAN-NRC-1-DMZMCCLELLAN-NRC-1-DMZ VC-ADMIN-3-FWVC-ADMIN-3-FW
CTR-CMP-MED-5-FWCTR-CMP-MED-5-FW ENTOMOLOGY-2ENTOMOLOGY-2 MCCLELLAN-NRC-1-FWMCCLELLAN-NRC-1-FW VC-RESEARCH-1-DMZVC-RESEARCH-1-DMZ
CTR-CMP-MED-6-DMZCTR-CMP-MED-6-DMZ ENTOMOLOGY-3-DMZENTOMOLOGY-3-DMZ MEYER-COMM-1MEYER-COMM-1 VC-RESEARCH-1-FWVC-RESEARCH-1-FW
CTR-CMP-MED-DMZCTR-CMP-MED-DMZ ENTOMOLOGY-3-FWENTOMOLOGY-3-FW MGMT-SCH-OF-1-DMZMGMT-SCH-OF-1-DMZ VC-RESEARCH-2VC-RESEARCH-2
CTR-COMP-SCI/EN-1CTR-COMP-SCI/EN-1 ENV-HLTH&SAF-1-DMZENV-HLTH&SAF-1-DMZ MGMT-SCH-OF-1-FWMGMT-SCH-OF-1-FW VC-RESEARCH-3-DMZVC-RESEARCH-3-DMZ
CTR-CPANHLTH-1-FWCTR-CPANHLTH-1-FW ENV-HLTH&SAF-1-FWENV-HLTH&SAF-1-FW MGMT-SCH-OF-2-FWMGMT-SCH-OF-2-FW VC-RESEARCH-3-FWVC-RESEARCH-3-FW
CTR-CPANHLTH-2-FWCTR-CPANHLTH-2-FW ENV-HLTH&SAF-2ENV-HLTH&SAF-2 MGMT-SCH-OF-3-SSLMGMT-SCH-OF-3-SSL VC-RESEARCH-5VC-RESEARCH-5
CTR-EQUIN-HL-1-FWCTR-EQUIN-HL-1-FW ENV-HLTH&SAF-3ENV-HLTH&SAF-3 MICROBIOLOGY-1-DMZMICROBIOLOGY-1-DMZ VC-RESEARCH-6VC-RESEARCH-6
CTR-EQUIN-HL-2-FWCTR-EQUIN-HL-2-FW ENV-STUDIES-1-DMZENV-STUDIES-1-DMZ MICROBIOLOGY-1-FWMICROBIOLOGY-1-FW VC-RESEARCH-7-DMZVC-RESEARCH-7-DMZ
CTR-HLTH&ENV-1-DMZCTR-HLTH&ENV-1-DMZ ENV-STUDIES-1-FWENV-STUDIES-1-FW MOL&CELL-BIO-1-DMZMOL&CELL-BIO-1-DMZ VC-RESEARCH-7-FWVC-RESEARCH-7-FW
CTR-HLTH&ENV-1-FWCTR-HLTH&ENV-1-FW ENV-STUDIES-2ENV-STUDIES-2 MOL&CELL-BIO-1-FWMOL&CELL-BIO-1-FW VC-STU-AFFRS-1-3-DMZVC-STU-AFFRS-1-3-DMZ
CTR-MIND-BRAIN-1-FWCTR-MIND-BRAIN-1-FW ENV-STUDIES-2-DMZENV-STUDIES-2-DMZ MOL&CELL-BIO-2-DMZMOL&CELL-BIO-2-DMZ VC-STU-AFFRS-2VC-STU-AFFRS-2
CTR-MIND-BRAIN-3-FWCTR-MIND-BRAIN-3-FW ENV-STUDIES-3-DMZENV-STUDIES-3-DMZ MOL&CELL-BIO-2-FWMOL&CELL-BIO-2-FW VC-STU-AFFRS-3-FWVC-STU-AFFRS-3-FW
CTR-MIND-BRAIN-5-FWCTR-MIND-BRAIN-5-FW ENV-STUDIES-3-FWENV-STUDIES-3-FW MONDAVI-1-2-DMZMONDAVI-1-2-DMZ VET-DIAG-LAB-1VET-DIAG-LAB-1
CTR-NEUROSCI-1-FWCTR-NEUROSCI-1-FW ENV-STUDIES-4ENV-STUDIES-4 MONDAVI-1-FWMONDAVI-1-FW VETGENETICS-1VETGENETICS-1
CTR-NEUROSCI-3-FWCTR-NEUROSCI-3-FW ENV-TOX-1-DMZENV-TOX-1-DMZ MONDAVI-2-FWMONDAVI-2-FW VETGENETICS-3-DMZVETGENETICS-3-DMZ
CTR-NEUROSCI-5-FWCTR-NEUROSCI-5-FW ENV-TOX-1-FWENV-TOX-1-FW MONDAVI-3MONDAVI-3 VETGENETICS-3-FWVETGENETICS-3-FW
CTR-NEUROSCI-DMZCTR-NEUROSCI-DMZ ENV-TOX-2ENV-TOX-2 MONDAVI-4MONDAVI-4 VETGENETICS-4VETGENETICS-4
CULTURE-STDS-1-DMZCULTURE-STDS-1-DMZ EOC-1EOC-1 MONDAVI-5MONDAVI-5 VETMED-1VETMED-1
CULTURE-STDS-1-FWCULTURE-STDS-1-FW EOC-2EOC-2 MONDAVI-6-DMZMONDAVI-6-DMZ VETMED-2VETMED-2
DANR-1-FWDANR-1-FW EVENTS-2EVENTS-2 MU-GENERAL-1MU-GENERAL-1 VH-ADMIN-1-DMZVH-ADMIN-1-DMZ
DANR-2-FWDANR-2-FW EVENTS-3-FWEVENTS-3-FW MU-GENERAL-2MU-GENERAL-2 VH-ADMIN-1-FWVH-ADMIN-1-FW
DANR-3-FWDANR-3-FW EVOL&ECOLOGY-1-2-DMZEVOL&ECOLOGY-1-2-DMZ MU-GENERAL-3MU-GENERAL-3 VH-ADMIN-2-DMZVH-ADMIN-2-DMZ
DANR-4-FWDANR-4-FW EVOL&ECOLOGY-1-FWEVOL&ECOLOGY-1-FW MUSIC-1-FWMUSIC-1-FW VH-ADMIN-2-FWVH-ADMIN-2-FW
DANR-5-FWDANR-5-FW EVOL&ECOLOGY-2-FWEVOL&ECOLOGY-2-FW NEAT-ORU-1-DMZNEAT-ORU-1-DMZ VH-ADMIN-4VH-ADMIN-4
DANR-6-FWDANR-6-FW FAC-ADV-INST-1-DMZFAC-ADV-INST-1-DMZ NEAT-ORU-1-FWNEAT-ORU-1-FW VIT&ENOL-1-DMZVIT&ENOL-1-DMZ
DANR-7-FWDANR-7-FW FAC-ADV-INST-1-FWFAC-ADV-INST-1-FW NEMATOLOGY-1-FWNEMATOLOGY-1-FW VIT&ENOL-1-FWVIT&ENOL-1-FW
DANR-COMMUNI-1-FWDANR-COMMUNI-1-FW FD-SCI&TECH-1-DMZFD-SCI&TECH-1-DMZ NET-MRI-1NET-MRI-1 VM-ACADPROGS-1-FWVM-ACADPROGS-1-FW
DANR-COMMUNI-2-FWDANR-COMMUNI-2-FW FD-SCI&TECH-1-FWFD-SCI&TECH-1-FW NEUROPHY-BEH-1-DMZNEUROPHY-BEH-1-DMZ VM-ANATOMY-1-FWVM-ANATOMY-1-FW
DANR-DMZDANR-DMZ FIN-AID&EMPL-1-DMZFIN-AID&EMPL-1-DMZ NEUROPHY-BEH-1-FWNEUROPHY-BEH-1-FW VM-CENT-SERV-1-FWVM-CENT-SERV-1-FW
DATA-CENTERDATA-CENTER FIN-AID&EMPL-1-FWFIN-AID&EMPL-1-FW NEUROPHY-BEH-3NEUROPHY-BEH-3 VM-CENT-SERV-2-FWVM-CENT-SERV-2-FW
DATA-CENTER-2-DMZDATA-CENTER-2-DMZ FIN-AID&EMPL-1-VPNFIN-AID&EMPL-1-VPN NMR-1-DMZNMR-1-DMZ VM-GEN-I&R-1-FWVM-GEN-I&R-1-FW
DATA-CENTER-DMZDATA-CENTER-DMZ FIN-AID&EMPL-2FIN-AID&EMPL-2 NMR-FACILITY-1-FWNMR-FACILITY-1-FW VM-GEN-I&R-5-FWVM-GEN-I&R-5-FW
DATACENTER-TEMPDATACENTER-TEMP FIRE-DEPT-1-FWFIRE-DEPT-1-FW NOC-1-FWNOC-1-FW VM-GEN-I&R-6-FWVM-GEN-I&R-6-FW
DC&CLIENT-SVC-1-2-DMZDC&CLIENT-SVC-1-2-DMZ FIRE-DEPT-2-FWFIRE-DEPT-2-FW NOC-2NOC-2 VM-MED&EPIDM-2-DMZVM-MED&EPIDM-2-DMZ
DC&CLIENT-SVC-1-FWDC&CLIENT-SVC-1-FW FOOD-SERVICE-1-DMZFOOD-SERVICE-1-DMZ NOC-3-NRNOC-3-NR VM-MED&EPIDM-2-FWVM-MED&EPIDM-2-FW
DC&CLIENT-SVC-12-DMZDC&CLIENT-SVC-12-DMZ FOOD-SERVICE-1-FWFOOD-SERVICE-1-FW NOC-4-NRNOC-4-NR VM-PATHOLOGY-1-FWVM-PATHOLOGY-1-FW
DC&CLIENT-SVC-12-FWDC&CLIENT-SVC-12-FW FOOD-SERVICE-2-DMZFOOD-SERVICE-2-DMZ NOC-SSLNOC-SSL VM-RESEARCH-1-FWVM-RESEARCH-1-FW
DC&CLIENT-SVC-13DC&CLIENT-SVC-13 FOOD-SERVICE-2-FWFOOD-SERVICE-2-FW NOC-TECHNICIANS-1-FWNOC-TECHNICIANS-1-FW VM-RESEARCH-2-FWVM-RESEARCH-2-FW
DC&CLIENT-SVC-14-FWDC&CLIENT-SVC-14-FW FOOD-SERVICE-3-FWFOOD-SERVICE-3-FW NOT-IN-PINNACLE6NOT-IN-PINNACLE6 VM-VECTOR-DIS-RSCH-1-VM-VECTOR-DIS-RSCH-1-DMZDMZ
DC&CLIENT-SVC-15-FWDC&CLIENT-SVC-15-FW FPMS-1-DMZFPMS-1-DMZ NUTRITION-1-DMZNUTRITION-1-DMZ VM-VECTOR-DIS-RSCH-1-VM-VECTOR-DIS-RSCH-1-FWFW
DC&CLIENT-SVC-16-17-DMZDC&CLIENT-SVC-16-17-DMZ FPMS-1-FWFPMS-1-FW NUTRITION-1-FWNUTRITION-1-FW VM-VECTOR-DIS-RSCH-2-VM-VECTOR-DIS-RSCH-2-NATNAT
DC&CLIENT-SVC-16-FWDC&CLIENT-SVC-16-FW FREERADIUS-1FREERADIUS-1 NUTRITION-1-VPNNUTRITION-1-VPN VMTRC-TULARE-1VMTRC-TULARE-1
DC&CLIENT-SVC-17-FWDC&CLIENT-SVC-17-FW GEN-ACAD-1GEN-ACAD-1 O&M-CHCP-1-DMZO&M-CHCP-1-DMZ VOICE-CORE-1VOICE-CORE-1
DC&CLIENT-SVC-2-FWDC&CLIENT-SVC-2-FW GEN-ACAD-1-DMZGEN-ACAD-1-DMZ O&M-CHCP-1-FWO&M-CHCP-1-FW VOICE-EDGE-1VOICE-EDGE-1
DC&CLIENT-SVC-21-FWDC&CLIENT-SVC-21-FW GEN-ACAD-2-FWGEN-ACAD-2-FW O&M:UTILITIES-1O&M:UTILITIES-1 VOIP-MGC-1VOIP-MGC-1
DC&CLIENT-SVC-22-FWDC&CLIENT-SVC-22-FW GEN-ACAD-3GEN-ACAD-3 O&M:UTILITIES-2O&M:UTILITIES-2 VOIP-MGC-2VOIP-MGC-2
DC&CLIENT-SVC-23-FWDC&CLIENT-SVC-23-FW GENOME-CTR-1-4-DMZGENOME-CTR-1-4-DMZ O&M:UTILITIES-DMZO&M:UTILITIES-DMZ VOIP-MGC-3VOIP-MGC-3
DC&CLIENT-SVC-24-FWDC&CLIENT-SVC-24-FW GENOME-CTR-1-FWGENOME-CTR-1-FW OCM-1-FWOCM-1-FW VPNLITE-1VPNLITE-1
DC&CLIENT-SVC-25-FWDC&CLIENT-SVC-25-FW GENOME-CTR-4-FWGENOME-CTR-4-FW OFF-CAMPUSOFF-CAMPUS W-&-F-BIO-1-DMZW-&-F-BIO-1-DMZ
DC&CLIENT-SVC-26-FWDC&CLIENT-SVC-26-FW GENOME-CTR-5-HPRGENOME-CTR-5-HPR ORCHARD-1ORCHARD-1 W-&-F-BIO-1-FWW-&-F-BIO-1-FW
DC&CLIENT-SVC-27-FWDC&CLIENT-SVC-27-FW GENOME-CTR-6-HPRGENOME-CTR-6-HPR ORCHARD-2ORCHARD-2 WASTEWATER-1-FWWASTEWATER-1-FW
DC&CLIENT-SVC-28-FWDC&CLIENT-SVC-28-FW GEOLOGY-1-DMZGEOLOGY-1-DMZ PARKING-SVCS-1-DMZPARKING-SVCS-1-DMZ WCEC-1WCEC-1
DC&CLIENT-SVC-29-FWDC&CLIENT-SVC-29-FW GEOLOGY-1-FWGEOLOGY-1-FW PARKING-SVCS-1-FWPARKING-SVCS-1-FW WEBSTER-1WEBSTER-1
DC&CLIENT-SVC-30-FWDC&CLIENT-SVC-30-FW GEOLOGY-2-FWGEOLOGY-2-FW PARKING-SVCS-2-FWPARKING-SVCS-2-FW WIFSS-1-DMZWIFSS-1-DMZ
DC&CLIENT-SVC-31-FWDC&CLIENT-SVC-31-FW GRAD-STUDIES-1-2-DMZGRAD-STUDIES-1-2-DMZ PERF-SONAR-1PERF-SONAR-1 WIFSS-1-FWWIFSS-1-FW
DC&CLIENT-SVC-32-FWDC&CLIENT-SVC-32-FW GRAD-STUDIES-1-FWGRAD-STUDIES-1-FW PERF-SONAR-2PERF-SONAR-2 WLS-CAMPUS-2WLS-CAMPUS-2
DC&CLIENT-SVC-33-FWDC&CLIENT-SVC-33-FW GRAD-STUDIES-2-FWGRAD-STUDIES-2-FW PERF-SONAR-3PERF-SONAR-3 WLS-EDUROAM-1WLS-EDUROAM-1
DC&CLIENT-SVC-34-FWDC&CLIENT-SVC-34-FW HISTORY-2-FWHISTORY-2-FW PERF-SONAR-4PERF-SONAR-4 WLS-MOOBILENET-1WLS-MOOBILENET-1
DC&CLIENT-SVC-35-FWDC&CLIENT-SVC-35-FW HOUSING-1-DMZHOUSING-1-DMZ PHYS-PLANT-1-FWPHYS-PLANT-1-FW WLS-MOOBILENET-10WLS-MOOBILENET-10
DC&CLIENT-SVC-36-DMZDC&CLIENT-SVC-36-DMZ HOUSING-1-FWHOUSING-1-FW PHYS-PLANT-2-FWPHYS-PLANT-2-FW WLS-MOOBILENET-2WLS-MOOBILENET-2
DC&CLIENT-SVC-36-FWDC&CLIENT-SVC-36-FW HOUSING-2-DMZHOUSING-2-DMZ PHYS-PLANT-3-FWPHYS-PLANT-3-FW WLS-MOOBILENET-3WLS-MOOBILENET-3
DC&CLIENT-SVC-39-DMZDC&CLIENT-SVC-39-DMZ HOUSING-2-FWHOUSING-2-FW PHYS-PLANT-4-FWPHYS-PLANT-4-FW WLS-MOOBILENET-4WLS-MOOBILENET-4
DC&CLIENT-SVC-39-FWDC&CLIENT-SVC-39-FW HOUSING-3-DMZHOUSING-3-DMZ PHYS-PLANT-5-FWPHYS-PLANT-5-FW WLS-MOOBILENET-5WLS-MOOBILENET-5
DC&CLIENT-SVC-4-FWDC&CLIENT-SVC-4-FW HOUSING-3-FWHOUSING-3-FW PHYS-PLANT-6-FWPHYS-PLANT-6-FW WLS-MOOBILENET-6WLS-MOOBILENET-6
DC&CLIENT-SVC-40-FWDC&CLIENT-SVC-40-FW HR&RISK-MGMT-1-DMZHR&RISK-MGMT-1-DMZ PHYS-PLANT-7PHYS-PLANT-7 WLS-MOOBILENET-7WLS-MOOBILENET-7
DC&CLIENT-SVC-45DC&CLIENT-SVC-45 HR&RISK-MGMT-1-FWHR&RISK-MGMT-1-FW PHYS-PLANT-DMZPHYS-PLANT-DMZ WLS-MOOBILENET-8WLS-MOOBILENET-8
DC&CLIENT-SVC-46DC&CLIENT-SVC-46 HR&RISK-MGMT-3-FWHR&RISK-MGMT-3-FW PHYSICS-1-DMZPHYSICS-1-DMZ WLS-MOOBILENET-9WLS-MOOBILENET-9
DC&CLIENT-SVC-47DC&CLIENT-SVC-47 HR&RISK-MGMT-4-FWHR&RISK-MGMT-4-FW PHYSICS-1-FWPHYSICS-1-FW WLS-MOOBILENETX-1WLS-MOOBILENETX-1
DC&CLIENT-SVC-48-FWDC&CLIENT-SVC-48-FW HR&RISK-MGMT-5-DMZHR&RISK-MGMT-5-DMZ PHYSICS-2-FWPHYSICS-2-FW WLS-MOOBILENETX-10WLS-MOOBILENETX-10
DC&CLIENT-SVC-49-FWDC&CLIENT-SVC-49-FW HR&RISK-MGMT-5-FWHR&RISK-MGMT-5-FW PHYSICS-3PHYSICS-3 WLS-MOOBILENETX-11WLS-MOOBILENETX-11
DC&CLIENT-SVC-5-FWDC&CLIENT-SVC-5-FW HR&RISK-MGMT-6-FWHR&RISK-MGMT-6-FW PHYSICS-4-FWPHYSICS-4-FW WLS-MOOBILENETX-2WLS-MOOBILENETX-2
DC&CLIENT-SVC-50-FWDC&CLIENT-SVC-50-FW HUM-INNOV-LAB-1-DMZHUM-INNOV-LAB-1-DMZ PHYSICS-5PHYSICS-5 WLS-MOOBILENETX-3WLS-MOOBILENETX-3
DC&CLIENT-SVC-51-DMZDC&CLIENT-SVC-51-DMZ HUM-INNOV-LAB-1-FWHUM-INNOV-LAB-1-FW PHYSICS-CCNIEPHYSICS-CCNIE WLS-MOOBILENETX-4WLS-MOOBILENETX-4
DC&CLIENT-SVC-51-FWDC&CLIENT-SVC-51-FW HUMN&COM-DEV-1-DMZHUMN&COM-DEV-1-DMZ PLAN&BUDGET-1-FWPLAN&BUDGET-1-FW WLS-MOOBILENETX-5WLS-MOOBILENETX-5
DC&CLIENT-SVC-52-VPNDC&CLIENT-SVC-52-VPN HUMN&COM-DEV-1-FWHUMN&COM-DEV-1-FW PLANT-BIOLOGY-1-DMZPLANT-BIOLOGY-1-DMZ WLS-MOOBILENETX-6WLS-MOOBILENETX-6
DC&CLIENT-SVC-53-VPNDC&CLIENT-SVC-53-VPN HUMN&COM-DEV-2-DMZHUMN&COM-DEV-2-DMZ PLANT-BIOLOGY-1-FWPLANT-BIOLOGY-1-FW WLS-MOOBILENETX-7WLS-MOOBILENETX-7
DC&CLIENT-SVC-54-FWDC&CLIENT-SVC-54-FW HUMN&COM-DEV-2-FWHUMN&COM-DEV-2-FW PLANT-PATH-1-FWPLANT-PATH-1-FW WLS-MOOBILENETX-8WLS-MOOBILENETX-8
DC&CLIENT-SVC-55-FWDC&CLIENT-SVC-55-FW HUMN&COM-DEV-4HUMN&COM-DEV-4 PLANT-PATH-2-FWPLANT-PATH-2-FW WLS-MOOBILENETX-9WLS-MOOBILENETX-9
DC&CLIENT-SVC-60DC&CLIENT-SVC-60 HVAC-1-DMZHVAC-1-DMZ PLANT-PATH-3PLANT-PATH-3 WLS-RESNET-1WLS-RESNET-1
DC&CLIENT-SVC-65-FWDC&CLIENT-SVC-65-FW HVAC-1-FWHVAC-1-FW PLANT-PATH-4PLANT-PATH-4 WLS-RESNET-10WLS-RESNET-10
DC&CLIENT-SVC-67DC&CLIENT-SVC-67 HVAC-2-DMZHVAC-2-DMZ PLANT-PATH-DMZPLANT-PATH-DMZ WLS-RESNET-11WLS-RESNET-11
DC&CLIENT-SVC-68DC&CLIENT-SVC-68 HVAC-2-FWHVAC-2-FW PLANT-SCIENCES-1-DMZPLANT-SCIENCES-1-DMZ WLS-RESNET-12WLS-RESNET-12
DC&CLIENT-SVC-70-FWDC&CLIENT-SVC-70-FW HVAC-3HVAC-3 PLANT-SCIENCES-1-FWPLANT-SCIENCES-1-FW WLS-RESNET-13WLS-RESNET-13
DC&CLIENT-SVC-71-FWDC&CLIENT-SVC-71-FW IDAV-1IDAV-1 PLANT-SCIENCES-10-DMZPLANT-SCIENCES-10-DMZ WLS-RESNET-14WLS-RESNET-14
DC&CLIENT-SVC-72-DMZDC&CLIENT-SVC-72-DMZ IDAV-2-DMZIDAV-2-DMZ PLANT-SCIENCES-10-FWPLANT-SCIENCES-10-FW WLS-RESNET-15WLS-RESNET-15
DC&CLIENT-SVC-73-FWDC&CLIENT-SVC-73-FW IDAV-2-FWIDAV-2-FW PLANT-SCIENCES-13-DMZPLANT-SCIENCES-13-DMZ WLS-RESNET-19WLS-RESNET-19
DC&CLIENT-SVC-74-FWDC&CLIENT-SVC-74-FW IDAV-CSE-1-2-DMZIDAV-CSE-1-2-DMZ PLANT-SCIENCES-13-FWPLANT-SCIENCES-13-FW WLS-RESNET-2WLS-RESNET-2
DC&CLIENT-SVC-75-FWDC&CLIENT-SVC-75-FW IDAV-CSE-1-FWIDAV-CSE-1-FW PLANT-SCIENCES-14-DMZPLANT-SCIENCES-14-DMZ WLS-RESNET-20WLS-RESNET-20
DC&CLIENT-SVC-76-FWDC&CLIENT-SVC-76-FW IDAV-CSE-2-FWIDAV-CSE-2-FW PLANT-SCIENCES-14-FWPLANT-SCIENCES-14-FW WLS-RESNET-21WLS-RESNET-21
DC&CLIENT-SVC-77-FWDC&CLIENT-SVC-77-FW IDAV-CSE-3-HPRIDAV-CSE-3-HPR PLANT-SCIENCES-2-DMZPLANT-SCIENCES-2-DMZ WLS-RESNET-22WLS-RESNET-22
DC&CLIENT-SVC-78-FWDC&CLIENT-SVC-78-FW IDS-2IDS-2 PLANT-SCIENCES-2-FWPLANT-SCIENCES-2-FW WLS-RESNET-3WLS-RESNET-3
DC&CLIENT-SVC-8-FWDC&CLIENT-SVC-8-FW IET-EAIS-SANDBOX-1-FWIET-EAIS-SANDBOX-1-FW PLANT-SCIENCES-3-DMZPLANT-SCIENCES-3-DMZ WLS-RESNET-4WLS-RESNET-4
DC&CLIENT-SVC-85DC&CLIENT-SVC-85 IN-GOVT-AFF-1-DMZIN-GOVT-AFF-1-DMZ PLANT-SCIENCES-3-FWPLANT-SCIENCES-3-FW WLS-RESNET-5WLS-RESNET-5
DC&CLIENT-SVC-86DC&CLIENT-SVC-86 IN-GOVT-AFF-1-FWIN-GOVT-AFF-1-FW PLANT-SCIENCES-4-DMZPLANT-SCIENCES-4-DMZ WLS-RESNET-6WLS-RESNET-6
DC&CLIENT-SVC-87DC&CLIENT-SVC-87 IN-GOVT-AFF-2-FWIN-GOVT-AFF-2-FW PLANT-SCIENCES-4-FWPLANT-SCIENCES-4-FW WLS-RESNET-7WLS-RESNET-7
Q12.Q12. Number of Systems supported: Number of Systems supported: Windows Systems-Windows Systems-
Q13.Q13. Macintosh Systems- Macintosh Systems-
Q14.Q14. Unix /Linux Variant Systems- Unix /Linux Variant Systems-
DC&CLIENT-SVC-88DC&CLIENT-SVC-88 IN-GOVT-AFF-3-FWIN-GOVT-AFF-3-FW PLANT-SCIENCES-5-DMZPLANT-SCIENCES-5-DMZ WLS-RESNET-8WLS-RESNET-8
DC&CLIENT-SVC-89DC&CLIENT-SVC-89 INFOBLOX-1INFOBLOX-1 PLANT-SCIENCES-5-FWPLANT-SCIENCES-5-FW WLS-RESNET-9WLS-RESNET-9
DC&CLIENT-SVC-90DC&CLIENT-SVC-90 INFOBLOX-2INFOBLOX-2 PLANT-SCIENCES-6-DMZPLANT-SCIENCES-6-DMZ WLS-UNMANAGED-1WLS-UNMANAGED-1
DC&CLIENT-SVC-91DC&CLIENT-SVC-91 INST-T-DYNAM-1INST-T-DYNAM-1 PLANT-SCIENCES-6-FWPLANT-SCIENCES-6-FW WOMENS-CNTR-1-FWWOMENS-CNTR-1-FW
DC&CLIENT-SVC-92DC&CLIENT-SVC-92 INST-TRNS-ST-1INST-TRNS-ST-1 PLANT-SCIENCES-8-DMZPLANT-SCIENCES-8-DMZ XRAY-1XRAY-1
DC&CLIENT-SVC-93DC&CLIENT-SVC-93 INST-TRNS-ST-2-DMZINST-TRNS-ST-2-DMZ PLANT-SCIENCES-8-FWPLANT-SCIENCES-8-FW Other VLANOther VLAN
DC&CLIENT-SVC-94DC&CLIENT-SVC-94
Q27.Q27. If you chose "Other VLAN" in the previous question please give details.
This question was not displayed to the respondent.
Q121.Q121. If you chose "Cloud services" in the previous question please give details.
This question was not displayed to the respondent.
Q122.Q122.If you chose "Individual machine" in the previous question please provide the MAC address for theindividual machine the survey is being filled out for.
This question was not displayed to the respondent.
Q16.Q16.Who is the CISO is of U.C. Davis?Who is the CISO is of U.C. Davis?
Q17.Q17.Who is the Privacy Officer for U.C. Davis?Who is the Privacy Officer for U.C. Davis?
Q18.Q18.How would you contact the information security group if you needed to reach them? How would you contact the information security group if you needed to reach them?
Q15.Q15. We’d like to ask a few awareness questions—it’s OK if you don’t know the answers. Your honest We’d like to ask a few awareness questions—it’s OK if you don’t know the answers. Your honestresponse will help us understand how visible these positions are to the campus.response will help us understand how visible these positions are to the campus.
Q19.Q19.Main Survey Main Survey
YesYes
NoNo
Q20.Q20. ISO 5 Information security: 1) In the last year, has your unit engaged in a risk assessment from an external source or on your own?
Yes, and it is based on a risk assessment that the unit went throughYes, and it is based on a risk assessment that the unit went through
Yes, and it is not based on a risk assessmentYes, and it is not based on a risk assessment
NoNo
Q21.Q21.2) In the last two years, has your unit developed an information security plan?
YesYes
NoNo
Q22.Q22.3) Does your unit house a system or provide a service that is critical to the business of other campus departments (i.e.,Banner, Pre-Purchasing, etc.)?
Q23.Q23.3b) If you chose yes for question 3 please give details. Question 3 was, "Does your unit house a system orprovide a service that is critical to the business of other campus departments (i.e.,Banner, Pre-Purchasing, etc.)?"
This question was not displayed to the respondent.
YesYes
NoNo
Q24.Q24.ISO 6 Organization of information security4) Does an individual in your unit have information security responsibility included in his/her job description?
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q25.Q25.5) What percentage of the technical staff have information security responsibility included in their job descriptions?
00
1-101-10
11-2011-20
>20>20
Q26.Q26.6) Of the faculty and staff that you support, how many have telecommuted on at least one occasion?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q28.Q28.7) If you answered one or more, what percentage used non-university-owned devices? (I.e., a personal or homecomputer not managed and maintained by the university.)
YesYes
NoNo
Q29.Q29.8) Does your unit have an official telecommuting policy?
YesYes
NoNo
Q30.Q30.9) Does your department allow personally owned computing devices to connect to internal networks (i.e., using personalphone or laptop to connect to a departmental file server)?
YesYes
NoNo
Q31.Q31.10) Does your department have a way to keep track of non-authorized, or non-UC Davis owned devices that connect toyour departmental network (i.e. through VPN access logs)?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
Q32.Q32.11) If you answered yes to question 10, then within the last year, of the devices that connected to your internal network,what percentage are unmanaged devices (i.e., personal laptops, tablets, etc.)?
90-95%90-95%
96-100%96-100%
1-50%1-50%
Done before they start workDone before they start work
1-2 Days1-2 Days
3-4 Days3-4 Days
5-7 Days5-7 Days
8 or more Days8 or more Days
Q33.Q33.ISO 7 Human resource security12) What is the average time it takes to onboard a new employee into your unit, (i.e., granting them access to campusand departmental systems, and equipping them to work)?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q34.Q34.13) What percentage of IT employees have background checks before or upon starting work?
UnknownUnknown
0-50%0-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q35.Q35.14) What percentage of non-IT employees have background checks before or upon starting work?
Q36.Q36.15) Are security guidelines/responsibilities documented and discussed with all employees (i.e., in department policy orprocedural manual, in their job description, etc.)?
YesYes
NoNo
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q37.Q37.16) What percentage of employees participate in cyber security training, including awareness training?
Never or rarelyNever or rarely
At least once in the last three yearsAt least once in the last three years
1-2 times a year�1-2 times a year�
More than 2 times a yearMore than 2 times a year
Q38.Q38.17) On average, how often do non-IT employees within your department/unit receive technical training to improve theirskills, or awareness training to increase their knowledge?
Never or rarelyNever or rarely
At least once in the last three yearsAt least once in the last three years
1-2 times a year�1-2 times a year�
More than 2 times a yearMore than 2 times a year
Q39.Q39.18) On average, how often does the technical staff (i.e. developers, sysadmins, etc.) in your department receive technicaltraining concerning best practices in their area of expertise? (I.e., developers/OWSP or sysadmins/system hardening)
DayDay
Week�Week�
Month�Month�
Year�Year�
Q40.Q40. 19) When an employee leaves your department, how long (on average) does it take to revoke his/her access rightsto systems that have sensitive data?
Do not knowDo not know
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q41.Q41.ISO 8 Asset management:20) What percentage of university-owned devices with the ability to store information (i.e. computers, printers, phones)are tracked within an inventory system?
YesYes
NoNo
Q42.Q42.21) Does your department/unit have a formal written document that employees are required to sign, advising them oftheir responsibilities for equipment assigned to them?
0%0%
1-10%1-10%
11-25%11-25%
26-50%26-50%
>50%>50%
Q43.Q43.22) If yes, what percentage of employees have not sign the document?
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q44.Q44.23) Think of all the computing equipment used by people in your department (i.e. laptop, desktop, hard drive, tape drive,etc.). If the equipment were stolen, would you be able to assess whether it contained personal information? Please choosethe percentage that best fits your situation, as in, I could know XX-XX percent of the time whether the stolen itemcontained personal information.
1-50%1-50%
Very low or noneVery low or none
Low�Low�
Medium�Medium�
HighHigh
Very highVery high
Q45.Q45.24) For Question 23, with what degree of accuracy could you make that assessment about a stolen piece of equipment?
None of the devices in this unit contains this dataNone of the devices in this unit contains this data
UnknownUnknown
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q46.Q46.25) What percentage of university-owned devices in your area store student data information?
None of the devices in this unit contains this dataNone of the devices in this unit contains this data
UnknownUnknown
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q47.Q47.26) What percentage of devices store information that might be considered to be health Information or data?
None of the devices in this unit contains this dataNone of the devices in this unit contains this data
UnknownUnknown
Q48.Q48.27) What percentage of systems contain credit card information (not counting the information an individual keeps forher/his own credit card)?
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
None of the devices in this unit contains this dataNone of the devices in this unit contains this data
UnknownUnknown
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q49.Q49.28) What percentage of systems store PII , excluding personal tax and PII that a normal user keeps on his/her machine?
None of the devices in this unit contains this dataNone of the devices in this unit contains this data
UnknownUnknown
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q50.Q50.29) Within the last year, what percentage of devices (laptops, desktops, servers, etc.) have been scanned for sensitivedata (e.g. Social Security numbers, FERPA, HIPPA, PCI data)?
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
There are no critical systemsThere are no critical systems
1-50%1-50%
Q51.Q51.30) Within the last year, what percentage of your department’s critical systems have been scanned for sensitive data(e.g., Social Security numbers, FERPA, HIPPA, PCI data)?
We do not scanWe do not scan
Manual process (i.e., a questionnaire)Manual process (i.e., a questionnaire)
Identity Finder (license provided by campus)Identity Finder (license provided by campus)
Identity Finder (other license)Identity Finder (other license)
App/Scripts developed within the departmentApp/Scripts developed within the department
OtherOther
Q52.Q52.31) What primary tool do you use for scanning for sensitive data?
Q53.Q53. 31b) If you answered "Other" for question 31 please give details. Question 31 was,"What primary tool do you use for scanning for sensitive data?"
This question was not displayed to the respondent.
DailyDaily
Weekly�Weekly�
MonthlyMonthly
Yearly�Yearly�
When necessaryWhen necessary
Never or rarelyNever or rarely
Q54.Q54.32) If you scan, how frequently?
No growth�No growth�
1-10% growth1-10% growth
11-25% growth11-25% growth
26-50% growth26-50% growth
>50% growth>50% growth
Q55.Q55.33) Over the last 24 months, what is the growth of cloud adoption within your departmentor unit?
Q56.Q56.34) Over the next two to five years, what is the projected growth of cloud adoption within your department or unit?
No growth�No growth�
1-10% growth1-10% growth
11-25% growth11-25% growth
26-50% growth26-50% growth
>50% growth>50% growth
DailyDaily
Weekly�Weekly�
MonthlyMonthly
Yearly�Yearly�
When necessaryWhen necessary
Never or rarelyNever or rarely
Q57.Q57.ISO 9 Access control35) How often are user permissions reviewed for your critical systems?
NeverNever
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q58.Q58.36) When employees’ roles or positions change, what percentage of the time are their permissions reviewed?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q59.Q59.37) What percentage of your critical systems that your unit provides require multi-factor authentication?
Q60.Q60.
Yes, for all employeesYes, for all employees
Yes, for a subset of employeesYes, for a subset of employees
NoNo
Q60.Q60.38) Does your department/unit use a department-wide password management system (i.e. Lastpass)?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q61.Q61.39) In the last two years, please estimate the percentage of your critical systems for which your department/unit hasaudited the user accounts.
No user accounts were invalidNo user accounts were invalid
1-5%1-5%
6-10%6-10%
11-20%11-20%
>20%>20%
UnknownUnknown
Q62.Q62.40) If you answered something other than “none” for question 39: When last checked, what percentage of user accountswere invalid, i.e. they were active with permissions for employees who no longer work at UC Davis, and had noextenuating circumstances justifying an active account, or system calls with outdated account?
(Question 39 was: "In the last two years, please estimate the percentage of your criticalsystems for which your department/unit has audited the user accounts.")
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q63.Q63.ISO 10 Cryptography41) What percentage of university-owned mobile devices in your area (i.e. laptops, tablets, phones) use full-diskencryption?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q64.Q64.42) What percentage of university-owned desktops in your area use full-disk encryption?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q65.Q65.43) What percentage of file shares and other file storage devices/services are encrypted?
YesYes
NoNo
Q66.Q66.44) Does your department have a documented encryption key management process?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q67.Q67.ISO 11 Physical and environmental security45) What percentage of machines that are critical to your department’s infrastructure, or that retain sensitive data, are inrestricted locations? (E.g., a locked server room, or locked research lab, with controls to monitor access.)
YesYes
NoNo
Q68.Q68.46) Does your department/unit have a documented procedure for disposing of computer storage devices?
NoneNone
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q69.Q69.47) What percentage of workstations in your area are secured with cables and locks?
YesYes
NoNo
Q70.Q70.48) Do you have a documented locked screen policy? e.g. the computer will auto lock the screen after so many minutesof not being used.
Q71.Q71.49) If yes to 48: What percentage of users generally follow it? Question 48 was, "Do you have a documentedlocked screen policy? e.g. the computer will auto lock the screen after so many minutesof not being used."
This question was not displayed to the respondent.
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
Q72.Q72.ISO 12 Operations security50) In your environment, what percentage of your infrastructure is monitored to provide instant status (i.e., of the healthof your network and the devices on it)?
96-100%96-100%
1-50%1-50%
Yes, but only some services has separate environmentsYes, but only some services has separate environments
Yes, all unique environments are separated from each other to writeYes, all unique environments are separated from each other to write
NoNo
Does not applyDoes not apply
Q73.Q73.51) Are your development, testing, and production environments separated from each other?
Q74.Q74. 51b) If you answered "Does not apply" for question 51 please give details. Question51 was, "Are your development, testing, and production environments separated fromeach other? "
This question was not displayed to the respondent.
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q75.Q75.52) What percentage of the Windows-based operating systems have antivirus software?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q76.Q76.53) What percentage of the Mac-based operating systems have antivirus software?
We do not have a central or enterprise console.We do not have a central or enterprise console.
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q77.Q77.54) For the devices that have antivirus software installed, what percentage is managed through a central or enterpriseconsole?
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q78.Q78.55) What percentage of servers is routinely backed up?
At least weeklyAt least weekly
At least monthlyAt least monthly
At least every other monthAt least every other month
At least twice a yearAt least twice a year
At least yearlyAt least yearly
Backups are not really checkedBackups are not really checked
Q79.Q79.56) On average, how often are backups tested for critical servers (i.e. fileserver)?
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
Q80.Q80.57) What percentage of end-user devices are equipped with backup software?
96-100%96-100%
1-50%1-50%
0%0%
96-100%96-100%
1-50%1-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
Q81.Q81.58) What percentage of backups that are managed by the department IT staff, i.e. not cloud storage and notpersonal external hard drives, stored separately from the rest of the network, i.e. tape/HD stored offsite?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q82.Q82.59) What percentage of your IT systems are set up to generate logs with relevant data ?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q83.Q83.60) What percentage of critical devices (i.e. servers and/or computers with highly sensitive data) are set up to activelycollect logs that are monitored either manually or through a SIEM or other alerting tool/service?
Q84.Q84.61) How often does your department or unit analyze logs to detect anomalies?
ContinuouslyContinuously
DailyDaily
WeeklyWeekly
RarelyRarely
NeverNever
DayDay
Week�Week�
Month�Month�
Year�Year�
Do not knowDo not know
Q85.Q85.62) On average, how long are logs retained for systems your department deems critical (i.e. AD Server, File server, etc.)?
Q86.Q86.63) Do you send logs to an alerting service?
Yes, to the UC Davis SIEM tool (managed by IET)Yes, to the UC Davis SIEM tool (managed by IET) Although the department has logs, they are not evaluatedAlthough the department has logs, they are not evaluatedregularlyregularly
Yes, to a monitoring service, i.e. Alert LogicYes, to a monitoring service, i.e. Alert Logic Our unit/department does not have logsOur unit/department does not have logs
Although department has logs, they are evaluated or monitoredAlthough department has logs, they are evaluated or monitoredinternally (i.e. alerting scripts, daily review process of criticalinternally (i.e. alerting scripts, daily review process of criticallogs, etc.)logs, etc.)
OtherOther
Q137.Q137. 63b) If you answered "Other" for question 63 please give details. Question 63 was "Do yousend logs to an alerting service?
This question was not displayed to the respondent.
UnknownUnknown
0%0%
26-50%26-50%
51-75%51-75%
76-100%76-100%
1-25%1-25%
Q87.Q87.64) What percentage of users operate with administrative privileges?
UnknownUnknown
0%0%
26-50%26-50%
51-75%51-75%
76-100%76-100%
1-25%1-25%
Q88.Q88.65) What percentage of university-owned devices are not managed by the IT Department? e.g. A research lab desktopthat the P.I. has administrative privileges, but the IT Department does not.
Q89.Q89.66) What is the primary method that your unit uses to patch end-point devices?
On an individual basis (Sneaker Net)On an individual basis (Sneaker Net) Puppet�Puppet�
Turning on “auto update” on for all software with thatTurning on “auto update” on for all software with thatfunctionality�functionality� WSUSWSUS
Automated custom scripts (i.e. Perl, Python, AppleScript, etc.)Automated custom scripts (i.e. Perl, Python, AppleScript, etc.) OtherOther
IBM BigfixIBM Bigfix SCCMSCCM
Q90.Q90. 66b) If you answered "Other" for question 66 please give details. (Question 66 was,"What is the primary method that your unit uses to patch end-point devices?"
This question was not displayed to the respondent.
Q91.Q91. 67) What is the primary method that your unit uses to patch third-party software on end- point devices?
On an individual basis (Sneaker Net)On an individual basis (Sneaker Net) Puppet�Puppet�
Turning on “auto update” on for all software with thatTurning on “auto update” on for all software with thatfunctionality�functionality� WSUSWSUS
Automated custom scripts (i.e. Perl, Python, AppleScript, etc.)Automated custom scripts (i.e. Perl, Python, AppleScript, etc.) OtherOther
IBM BigfixIBM Bigfix SCCMSCCM
Q92.Q92. 67b) If you answered "Other" for question 67 please give details. Question 67 was,"What is the primary method that your unit uses to patch third-party software on end-point devices?"
This question was not displayed to the respondent.
Q93.Q93.68) What is the primary method that your unit uses to patch servers?
On an individual basis (Sneaker Net)On an individual basis (Sneaker Net) Puppet�Puppet�
Turning on “auto update” on for all software with thatTurning on “auto update” on for all software with thatfunctionality�functionality� WSUSWSUS
Automated custom scripts (i.e. Perl, Python, AppleScript, etc.)Automated custom scripts (i.e. Perl, Python, AppleScript, etc.) OtherOther
IBM BigfixIBM Bigfix SCCMSCCM
Q94.Q94. 68b) If you answered "Other" for question 68 please give details. Question 68 was,"What is the primary method that your unit uses to patch servers?"
This question was not displayed to the respondent.
UnknownUnknown
0-50%0-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q95.Q95.69) What percentage of devices are up to date with all required patches?
YesYes
NoNo
Q96.Q96.ISO 13 Communications security70) Does your department/unit have a policy on securely sharing files?
Q97.Q97. 71) What method does your department use to securely share files?
File share server, with documented processes in place to shareFile share server, with documented processes in place to sharesecurelysecurely Other on-premises toolOther on-premises tool
Box, with documented processes in place to share securelyBox, with documented processes in place to share securely Other cloud-based toolOther cloud-based tool
OneDrive (cloud SharePoint), with documented processes inOneDrive (cloud SharePoint), with documented processes inplace to share securelyplace to share securely
Use one or more tools, but no documented process to shareUse one or more tools, but no documented process to sharesecurelysecurely
Google Drive, with documented processes in place to shareGoogle Drive, with documented processes in place to sharesecurelysecurely
Q98.Q98. 71b) If you answered "Other cloud-based tool" for question 71 please give details.Question 71 was, "What method does your department use to securely share files?"
This question was not displayed to the respondent.
YesYes
NoNo
Q99.Q99.72) Does your department have guidelines or documented processes to govern electronic messaging?
0%0%
26-50%26-50%
51-75%51-75%
76-100%76-100%
1-25%1-25%
Q100.Q100.ISO 14 System acquisition, development and maintenance:73) Of the applications that you support, what percentage process secure information ?
YesYes
NoNo
Q101.Q101.74) Does your department/unit have a documented secure application development policy or “good practice” guide?
00
11
2-32-3
4-54-5
>5>5
Q102.Q102.75) In the last year, have you experienced disclosure of sensitive data within test environments?
YesYes
NoNo
Q103.Q103.ISO 15 Supplier relationships:76) Does your department/unit have a formal departmental practice/procedure in place for managing supplierrelationships?
0 times0 times
1-2 times1-2 times
3-5 times3-5 times
6-10 times6-10 times
>10 times>10 times
Q104.Q104.ISO 16 Information security incident management:77) In the last year, did your department/unit experience a major incident (i.e., a significant intrusion)?
YesYes
NoNo
Q105.Q105.78) Does your department/unit have a formal incident response plan?
0 times0 times
1-2 times1-2 times
3-5 times3-5 times
6-10 times6-10 times
>10 times>10 times
Q106.Q106.79) In the last year, how many times did your department/unit escalate an information security event to the UC DavisInformation Security team?
NeverNever
1-2 times a year1-2 times a year
3-5 times a year3-5 times a year
6-10 times a year6-10 times a year
Q107.Q107.80) In your department/unit, how often are security weaknesses reported from people, that are not IT Staff?
>10 times a year>10 times a year
YesYes
NoNo
Q108.Q108.81) In your department/unit, is there a notification procedure for employees on security events or weaknesses?
UnknownUnknown
0%0%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
1-50%1-50%
Q109.Q109.82) What percentage of the time are security procedures reviewed after events or weaknesses are reported?
Yes, but have not updated it in the last yearYes, but have not updated it in the last year
Yes, and it was done or has been updated in the last yearYes, and it was done or has been updated in the last year
NoNo
Q110.Q110.ISO 17 Information security aspects of business continuity management: 83) To your knowledge, has your department/unit participated in the systemwide continuity-planning program, throughthe use of the UC Ready tool?
Yes, but have not updated it in the last yearYes, but have not updated it in the last year
Yes, and it was done or has been updated in the last yearYes, and it was done or has been updated in the last year
NoNo
Q111.Q111.84) Has your department/unit developed a continuity plan, not including the UC Ready tool?
Q112.Q112.ISO 18 Compliance:85) In your department/unit, which standards or regulatory requirements would cost the department the most ifcompliance is not met?
Student data (FERPA)Student data (FERPA)
Health or medical data (HIPAA like data)Health or medical data (HIPAA like data)
Credit card data (PCI-DSS)Credit card data (PCI-DSS)
UC Davis cybersafety policyUC Davis cybersafety policy
Intellectual PropertyIntellectual Property
OthersOthers
Q116.Q116.85b) If you answered "Other" for question 85 please give details. Question 85 was, "Inyour department/unit, which standards or regulatory requirements would cost thedepartment the most if compliance is not met?"
This question was not displayed to the respondent.
0-50%0-50%
51-79%51-79%
80-89%80-89%
90-95%90-95%
96-100%96-100%
Q113.Q113.86) For the above, what is your confidence level that the department/unit complies with applicable standards andregulatory requirements?
Staffing (resources)Staffing (resources)
Processes (training)Processes (training)
Technologies (tools)Technologies (tools)
DocumentationDocumentation
OtherOther
Organizational Resistance to ChangeOrganizational Resistance to Change
Q114.Q114.87) In your department/unit, what area is the primary constraint on the ability to implement standards or regulatoryrequirements?
Q117.Q117.87b) If you answered "Other" for question 87 please give details. Question 87 was, "Inyour department/unit, what area is the primary constraint on the ability to implementstandards or regulatory requirements?"
Q120.Q120.90) How many funds has your unit/department/college budgeted only to be used in case of a data breach?90) How many funds has your unit/department/college budgeted only to be used in case of a data breach?
standards or regulatory requirements?"
This question was not displayed to the respondent.
Less than a year agoLess than a year ago
Within 1-2 yearsWithin 1-2 years
Within 2-3 yearsWithin 2-3 years
More than 3 yearsMore than 3 years
NeverNever
Q115.Q115.88) When was the last time an audit was performed by someone outside of your department/unit to assess yourcompliance?
Risk assessmentRisk assessment
Penetration testingPenetration testing
Incident responseIncident response
TrainingTraining
OtherOther
Q118.Q118.89) In your department/unit, which of the following services would do the most to help you increase your compliancelevel?
Q119.Q119.89b) If you answered "Other" for question 89 please give details. Question 89 was, "Inyour department/unit, which of the following services would do the most to help youincrease your compliance level?"
This question was not displayed to the respondent.
Q130.Q130.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campus
Q131.Q131.Name of person completing report:Name of person completing report:
Q132.Q132.Name of supervisor or direct manager:Name of supervisor or direct manager:
Q133.Q133.Email AddressEmail Address
Q134.Q134.Phone Number Phone Number
must either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.
The UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andThe UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andimproved with a change in approach. The 2015 survey:improved with a change in approach. The 2015 survey:
Introduces ISO security standards as the framework for assessing security compliance. This alignsIntroduces ISO security standards as the framework for assessing security compliance. This alignswith UC Office of the President efforts to rewrite University of California Information Security Policy ISwith UC Office of the President efforts to rewrite University of California Information Security Policy IS3 so that it mirrors ISO 27001 and 27002 Security criteria.3 so that it mirrors ISO 27001 and 27002 Security criteria.Moves away from simple yes/no answers, to more nuanced questions that will provide higher qualityMoves away from simple yes/no answers, to more nuanced questions that will provide higher qualitydata and a more accurate overall picture.data and a more accurate overall picture.
The safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyThe safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyappreciates your candid participation in this survey. As technical professionals, you know how importantappreciates your candid participation in this survey. As technical professionals, you know how importantbest practices are to security administration. This survey, and the results it obtains, reinforce thosebest practices are to security administration. This survey, and the results it obtains, reinforce thosestandards.standards.
Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Therefore, we (the Information Security group) are looking for the best possible answers, not for perfect orTherefore, we (the Information Security group) are looking for the best possible answers, not for perfect orexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to beexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to becorrect. If there is no hard data for a particular question, then please answer with your best guess.correct. If there is no hard data for a particular question, then please answer with your best guess.
We are seeking insight into how the campus operates, and giving us your best possible answers will help usWe are seeking insight into how the campus operates, and giving us your best possible answers will help us1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our services1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our servicesto help reduce that risk.to help reduce that risk.
Your responses will help us understand our collective progress and shed light on our shared challenges.Your responses will help us understand our collective progress and shed light on our shared challenges.Thank you in advance for thoughtfully participating in this critical survey.Thank you in advance for thoughtfully participating in this critical survey.
Q136.Q136. Name of Unit/Department (include sub-units if appropriate) Name of Unit/Department (include sub-units if appropriate)
Q124.Q124.Name of person completing report:Name of person completing report:
Q135.Q135. Name of College, Professional School, Administrative Unit: Name of College, Professional School, Administrative Unit:
Q123.Q123.Introduction Introduction UC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkUC Davis Policy 310-22 requires that devices connected to the UC Davis electronic communication networkmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusmust either meet UC Davis security standards or obtain an authorized exception to policy. Further, campusunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunits must annually report, to their respective dean, vice chancellor or vice provost, the extent to which theunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportunit’s operations satisfy the campus security plan. Theses individual reports culminate in an annual reportdescribing the state of UC Davis’ computer and network security.describing the state of UC Davis’ computer and network security.
The UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andThe UC Davis Cyber Security Survey is part of this process. After a hiatus, the survey is back – revised andimproved with a change in approach. The 2015 survey:improved with a change in approach. The 2015 survey:
Introduces ISO security standards as the framework for assessing security compliance. This alignsIntroduces ISO security standards as the framework for assessing security compliance. This alignswith UC Office of the President efforts to rewrite University of California Information Security Policy ISwith UC Office of the President efforts to rewrite University of California Information Security Policy IS3 so that it mirrors ISO 27001 and 27002 Security criteria.3 so that it mirrors ISO 27001 and 27002 Security criteria.Moves away from simple yes/no answers, to more nuanced questions that will provide higher qualityMoves away from simple yes/no answers, to more nuanced questions that will provide higher qualitydata and a more accurate overall picture.data and a more accurate overall picture.
The safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyThe safety and security of our technical infrastructure is a shared responsibility, so the campus deeplyappreciates your candid participation in this survey. As technical professionals, you know how importantappreciates your candid participation in this survey. As technical professionals, you know how importantbest practices are to security administration. This survey, and the results it obtains, reinforce thosebest practices are to security administration. This survey, and the results it obtains, reinforce thosestandards.standards.
Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Of course, the effort to achieve best practices exists in various stages of maturity throughout campus.Therefore, we (the Information Security group) are looking for the best possible answers, not for perfect orTherefore, we (the Information Security group) are looking for the best possible answers, not for perfect orexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to beexact answers. For this survey, no answer is inherently wrong as long as it states what you believe to becorrect. If there is no hard data for a particular question, then please answer with your best guess.correct. If there is no hard data for a particular question, then please answer with your best guess.
We are seeking insight into how the campus operates, and giving us your best possible answers will help usWe are seeking insight into how the campus operates, and giving us your best possible answers will help us1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our services1) identify trends across campus, and 2) find the areas with the most risk, so that we can offer our servicesto help reduce that risk.to help reduce that risk.
Your responses will help us understand our collective progress and shed light on our shared challenges.Your responses will help us understand our collective progress and shed light on our shared challenges.Thank you in advance for thoughtfully participating in this critical survey.Thank you in advance for thoughtfully participating in this critical survey.
Q125.Q125.Name of supervisor or direct manager:Name of supervisor or direct manager:
Q126.Q126.Email AddressEmail Address
Q127.Q127.Phone Number Phone Number
Q129.Q129. Name of Unit/Department (include sub-units if appropriate) Name of Unit/Department (include sub-units if appropriate)
Location Data
Location: (38.482894897461, -121.63980102539)
Source: GeoIP Estimation
Q128.Q128. Name of College, Professional School, Administrative Unit: Name of College, Professional School, Administrative Unit: