NEWS: Incident Response and Escalation Workshop 2024 Recap

UCI Beall Applied Innovation Center - University of California, Irvine photo, Courtesy University of California, Irvine

Incident response is aimed at effectively managing and mitigating the impact of a cybersecurity incident on an organization’s information systems and people. When an incident occurs, the goal is to minimize damage, contain the incident, eradicate the threat and restore normal operations as quickly as possible. The Systemwide Cyber Incident Response Coordination Process, developed by University of California Office of the President (UCOP), defines the process for significant incidents impacting one or more UC locations and security incidents impacting more than one UC. 

An escalation protocol is a set of strategies and processes that help organizations respond in an organized and consistent way to a situation or threat. The Cyber Incident Escalation Protocol developed by UCOP was designed to be an “at-a-glance” reference for Cyber-Risk Responsible Executives (CREs), Chief Information Security Officers (CISOs) and others. 
These topics were the focus of a recent workshop at UC Irvine, organized by the Cyber-risk Coordination Center (C3) and moderated by Monte Ratzlaff, Cyber Risk Program Director and Interim UC CISO.  

Cross functional, systemwide gathering

The incident response and escalation protocol processes originally were discussed in 2022 at a systemwide Incident Response & Escalation Workshop. A follow-up workshop took place on June 12, 2024. Fifty participants, including representatives from privacy, risk, legal, IT, and security gathered at UC Irvine for the second in-person Incident Response & Escalation Workshop. Participants connected, shared information, and discussed the UC protocols and procedures that help enhance cybersecurity systemwide.  

The high-level thought and deep engagement from the incredibly dedicated group of professionals resulted in fruitful conversations and pertinent discussions around incident response and risk management.
Wendy Rager, C3 Manager, described the workshop as a fantastic occasion for experts across UC to collaborate and learn from each other, and an opportunity to unite people to ensure that UC responds to incidents as a cohesive team. 

“The Incident Response & Escalation Workshop that the C3 team organized was well planned and delivered,” said participant Al Lavassani, UCOP and Systemwide Privacy Manager. “The workshop gave me the opportunity to meet in person many key stakeholders that I’ll be working with regularly. I appreciate the outstanding work and effort that the C3 team offered. Can’t wait for the next one.”

Monte Ratzlaff (l) and presenter David Chamberlin  
Monte Ratzlaff (l) and presenter David Chamberlin  

2024 workshop introduces new Risk Appetite Statement, updated procedures

The event featured a full agenda, ranging from discussions to a guest speaker. Topics included: 

Updates to the Escalation Protocol and UCOP Systemwide IR Coordination Process 
During the workshop, participants reviewed changes to the escalation protocol, which now includes new role-specific tables, and the changes to the coordination process that now include guidance for attorney-directed incidents. 

Recently Approved Risk Appetite Statement 
Workshop participants discussed the draft of the Risk Appetite Statement recently approved by the regents. This statement is part of the UC strategic planning process and communicates UC’s definition of digital risk and the level of “appetite” UC maintains as a baseline for its operations.  

Cyber-risk Coordination Center (C3) Tools and Services Catalog 
Wendy Rager reviewed the tools and services provided to UC campuses, health centers, and labs to ensure they have robust cybersecurity management to protect institutional information and IT resources.  

Speaker David Chamberlin on Crisis Communications 
David Chamberlin, Managing Director, Strategic Communications Advisory Team, Orrick, joined the workshop remotely and presented Trust, Reputation, Data Security & You, a deep dive into how data breaches and other cybersecurity crises impact an organization’s reputation and ultimately, business.   

The workshop ended with an open forum, where participants discussed topics like Systemwide Incident Escalation Report and Notification (SIREN), cyber forensics, and future systemwide tabletop exercises.  
“It’s highly advantageous for cybersecurity, privacy, legal, and risk services representatives from across UC to collaborate, exchange information, and engage in discussions about protocols and procedures,” concluded Ratzlaff. “These interactions are essential for improving cyber safety across our organization.” 

Learn more about UC cyber security


Judi Baker
Judi Baker   
Digital Risk Communications and Events Manager   
UC Office of the President

Header image: UCI Beall Applied Innovation Center – University of California, Irvine photo, Courtesy University of California, Irvine