Services that provide security, data integrity, and compliance for institutional activities. Includes identity and access management, security consulting and educations, incident response and investigation, and security policy and compliance.
To protect privacy, access to an employee's email account is limited to specific conditions, granted to
Fax over IP (FOIP) is permissible for HIPAA protected information provided certain conditions are met including the use of an Xmedius account. Scanners and printers directly connected to an encrypted computers may be used, but Canon multifunction printers may not.
If you've recently been notified by the IT Helpdesk that your account was compromised and you are wondering what to do next, here are some ideas!
Guidance on email links and attachments, and mass emails Guidance on email links and attachments, and mass emails
Many compliance programs have specific regulatory and local requirements regarding required controls. A chart of permitted systems for data storage provides information to users of data on what systems can be used to store or process each type of data.
This introductory article on phishing provides a description of phishing, examples of spoofed senders, purposes and types of phishing as well as associated risks.
What to do if you receive a suspicious or phishing email
This Article provides some proactive measures to minimize phishing impact, some ways to react to phishing, and actions to take if you think you were successfully phished.
The Information Security Office acknowledges the value of use of cloud based solutions in courses. This article provided guidance on how to stay within FERPA requirements when using solutions non-university solutions that contain data or require access by students.
This article describes signs of phishing, actions that criminals use to trick victim in thinking phishing message are real and phishing training that is offered with simulating message.
This article focuses on phishing attempts containing scam job offers and provides methods to determine email validity, including several sets of questions to ask if one suspects that a message is a phishing/scam email, an online tool for checking email or domain health, and FAQs concerning topics from throughout the document.
This article describes the need and use of the University's Standards for Safeguarding Information when University data is accessed by third-parties. This can take the form of a rider, often Rider C, or a stand-alone Safeguarding Data Agreement.