Skip to main content

A Lens on Information Assurance

By CISO Michael Corn, 01/28/21

At the heart of cybersecurity is not some ultra-secure server behind 12 inches of thick concrete in some unnamed, fortified building. It’s not even a genius piece of code or some extensive security protocol. It’s people -- you and me. What we care about at the Office of Information Assurance is protecting each other from undue harm even in a digital space.

The tricky part to all of this is it involves people. It’s not that technology is outpacing our understanding of it or that criminals are constantly masterminding newer and more innovative ways to separate us from our data. Rather, the weakest link in our cybersecurity posture remains the human, more specifically human error, misperceptions and behaviors. And so once again, it’s you and me.

The finest technology with even the most elegant of policies still fails when a member of our workforce or student body doesn’t use the sometimes ‘not-so-common’ common sense, or is fooled by a well-crafted phish. But most cybersecurity awareness training tends to be ineffective, lacking in its ability to engage, educate and create the necessary change required of a world-class educational institution, like UC San Diego, and its highly diverse community.

As you are well aware, our Cybersecurity in Six Words campaign was about reversing the direction of discourse from our office talking to our community to now more readily listening to our community… to hear what you all think about cybersecurity. Then and only then can we create a dialogue to understand and address your needs, perceptions, concerns, and even clear up some of those misconceptions. With 380 card entries submitted, totalling 1494 distinct words to review, your data is telling. 

For many people at UC San Diego, cybersecurity is personal. Overwhelmingly, individuals talk about protecting their own information, their own online accounts, as well as their sense of privacy. It’s also notable that we tend to talk about privacy less as a thing itself to be cherished, but rather as in opposition to corporate and governmental surveillance. Our sentiment analysis of the campaign submissions suggest that while some feel turned off by the complexity of cybersecurity practices, it is valued and seen as necessary in our modern world. And that is where our work must begin.

The lesson for our campaign is that if we hope to successfully engage with our community, we need to move past the outdated, generic awareness training currently in use. As a result, we are now looking to tailor the program to directly address the concerns of our faculty, staff and students and find better ways to mesh them with the university’s overarching mission, priorities and needs.


What does cybersecurity mean to you? Submit your own Six Words today!