Services that provide security, data integrity, and compliance for institutional activities. Includes identity and access management, security consulting and educations, incident response and investigation, and security policy and compliance.

Categories (5)

Articles (13)

Accessing Employee Email Mailboxes

To protect privacy, access to an employee's email account is limited to specific conditions, granted to

Can I use Fax over IP (FoIP) for HIPAA?

Fax over IP (FOIP) is permissible for HIPAA protected information provided certain conditions are met including the use of an Xmedius account. Scanners and printers directly connected to an encrypted computers may be used, but Canon multifunction printers may not.

Compromised UMS User Account?

If you've recently been notified by the IT Helpdesk that your account was compromised and you are wondering what to do next, here are some ideas!

Links in Emails: Guidance

Guidance on email links and attachments, and mass emails Guidance on email links and attachments, and mass emails

Permitted and Restricted Systems for Data Storage and Data Processing

Many compliance programs have specific regulatory and local requirements regarding required controls. A chart of permitted systems for data storage provides information to users of data on what systems can be used to store or process each type of data.

Phishing Overview

This introductory article on phishing provides a description of phishing, examples of spoofed senders, purposes and types of phishing as well as associated risks.

Reporting Phishing emails

What to do if you receive a suspicious or phishing email

Responding to Phishing

This Article provides some proactive measures to minimize phishing impact, some ways to react to phishing, and actions to take if you think you were successfully phished.

Safeguarding FERPA Information when Using Cloud-based Resources in a Course Environment

The Information Security Office acknowledges the value of use of cloud based solutions in courses. This article provided guidance on how to stay within FERPA requirements when using solutions non-university solutions that contain data or require access by students.

Spotting & Determining phishing

This article describes signs of phishing, actions that criminals use to trick victim in thinking phishing message are real and phishing training that is offered with simulating message.

Spotting Scam Job Offers

This article focuses on phishing attempts containing scam job offers and provides methods to determine email validity, including several sets of questions to ask if one suspects that a message is a phishing/scam email, an online tool for checking email or domain health, and FAQs concerning topics from throughout the document.

Standards for Safeguarding Data

This article describes the need and use of the University's Standards for Safeguarding Information when University data is accessed by third-parties. This can take the form of a rider, often Rider C, or a stand-alone Safeguarding Data Agreement.