SF State's Information Security Program covers multiple facets of protecting information assets, whether they are recorded digitally, on paper, or through other media. Following SF State's Information Security policies and procedures is critical to helping protect you and the University.
Security breaches of confidential or sensitive data have potentially serious consequences: for the person whose confidential information is compromised and for the University, which is accountable for upholding federal and state laws as well as CSU orders and regulations. In addition, individuals involved in unauthorized disclosure of information (even when accidental) may be subject to disciplinary and/or civil action.
Guides
- Administrative Account Access Control
- DCMA Complaints
- Digital Certificates
- Encryption and Removal of Confidential Data
- Erasing and Disposing of Media
- Handling Paper Records
- Information Security Awareness program for faculty and staff
- Logging and Threat Management
- Offsite Backup Media Rotation Program
- Protecting Your Computer
- Remote Connections
- Reporting a Security Incident or Vulnerability
- Technology Acquisition Review (TAR)
- Using the PhishMe Reporter to report phishing and spam
Practice Directives
- Analog Modem Security and Requests
- Confidential Data
- Credit Card Payment Processing and PCI Security
- Logging and Threat Management
- Password
- Reporting an IT Security Incident or Vulnerability
- Responsible Use Policy (RUP)
- Safeguarding Information
- Secure E-Waste and Paper Disposal
- Server Security
- SF State "Red Flag" Program
- Web Application Development and Security
Related Announcements
Security Awareness Campaign - July 1-6, 2019
Submitted by Mary Morshed on Monday, 7/8/19 - 13:37
See the Security Campaign Awareness Page
Security Awareness Campaign - April 2019
Submitted by Mary Morshed on Wednesday, 4/17/19 - 13:44
See the Security Campaign Awareness Page
Security Awareness Campaign - February 2019
Submitted by Mary Morshed
on Monday, 2/25/19 - 09:45
See the Security Campaign Awareness Page
Reminder to report phishing - here's how!
Submitted by Mary Morshed on 2/13/2019 - 8:50 a.m.
This is a reminder that the “Report Phishing” Button in Outlook has been fixed and should be used to report suspicious email messages. In addition, the instructions for using the button in both Outlook and Outlook Web Access (OWA) have been updated and can be found here:
https://its.sfsu.edu/guides/phishingtrainingprogram
If you are not using the Outlook application to view your email, such as with your mobile device, you can always forward the suspicious emails to abuse@sfsu.edu and the Information Security team can still investigate the message. Thank you for being vigilant and helping protect SFSU’s information and systems.
Security Awareness Campaign
Submitted by Tuan Do
on Friday, 10/19/18 - 16:45
See the Security Campaign Awareness Page
Meltdown and Spectre security vulnerabilities
Submitted by Julianne Tolson
on Tuesday, 1/9/18 - 10:45
Meltdown and Spectre are security vulnerabilities caused by processor code design flaws that affect most computing devices produced since 1995. These flaws could result in unauthorized disclosure of information to an attacker.
Hardware, operating system, and application manufacturers are reviewing how these vulnerabilities affect their products and many are issuing security updates and patches to block the vulnerability. Some updates are already available, others are scheduled to be released later in January 2018. For more information see: Security Awareness – Meltdown and Spectre security vulnerabilities
Phishing training
Submitted by Julianne Tolson
on Friday, 10/27/17 - 14:43
Simulated phishing messages will be sent to faculty and staff who use the SF State Exchange server. If you receive real or simulated phishing messages report it using PhishMe Reporter or forward it as an attachment.
Tips to detect phishing attacks
Submitted by Julianne Tolson
on Thursday, 10/26/17 - 8:38
Be suspicious of all requests – Ask is this real? User the following checklist to check for common signs of phishing messages.
- Message indicates urgent action is needed
- Message indicates negative consequences will occur if action is not taken
- Message is not expected
- Message sender is not known
- Message cannot be read without opening an attachment
- Message requests sensitive information be sent
- Message directs users to click here
- Message uses poor grammar and/or spelling
- Sender from: name does not match message signature
- Sender email address does not match organization name
- Sender email address is not exactly the same as real address
- Sender name is not listed in campus directory
- Department name shown in message does not match A-Z listing
- Web site address (URL) of linked site does not match organization
- Message was not sent using SF State approved servers
For more information please see: Information Security Awareness program for faculty and staff