SF State's Information Security Program covers multiple facets of protecting information assets, whether they are recorded digitally, on paper, or through other media. Following SF State's Information Security policies and procedures is critical to helping protect you and the University.

Security breaches of confidential or sensitive data have potentially serious consequences: for the person whose confidential information is compromised and for the University, which is accountable for upholding federal and state laws as well as CSU orders and regulations. In addition, individuals involved in unauthorized disclosure of information (even when accidental) may be subject to disciplinary and/or civil action.

Related Announcements

Security Awareness Campaign - July 1-6, 2019

Submitted by Mary Morshed on Monday, 7/8/19 - 13:37

See the Security Campaign Awareness Page

Security Awareness Campaign - April 2019

Submitted by Mary Morshed on Wednesday, 4/17/19 - 13:44

See the Security Campaign Awareness Page

Security Awareness Campaign - February 2019

Submitted by Mary Morshed
on Monday, 2/25/19 - 09:45

See the Security Campaign Awareness Page

Reminder to report phishing - here's how!

Submitted by Mary Morshed on 2/13/2019 - 8:50 a.m.

This is a reminder that the “Report Phishing” Button in Outlook has been fixed and should be used to report suspicious email messages. In addition, the instructions for using the button in both Outlook and Outlook Web Access (OWA) have been updated and can be found here:


If you are not using the Outlook application to view your email, such as with your mobile device, you can always forward the suspicious emails to and the Information Security team can still investigate the message. Thank you for being vigilant and helping protect SFSU’s information and systems.

Security Awareness Campaign

Submitted by Tuan Do
on Friday, 10/19/18 - 16:45

See the Security Campaign Awareness Page

Meltdown and Spectre security vulnerabilities

Submitted by Julianne Tolson
on Tuesday, 1/9/18 - 10:45

Meltdown and Spectre are security vulnerabilities caused by processor code design flaws that affect most computing devices produced since 1995. These flaws could result in unauthorized disclosure of information to an attacker.

Hardware, operating system, and application manufacturers are reviewing how these vulnerabilities affect their products and many are issuing security updates and patches to block the vulnerability. Some updates are already available, others are scheduled to be released later in January 2018. For more information see: Security Awareness – Meltdown and Spectre security vulnerabilities

Phishing training

Submitted by Julianne Tolson
on Friday, 10/27/17 - 14:43

Simulated phishing messages will be sent to faculty and staff who use the SF State Exchange server. If you receive real or simulated phishing messages report it using PhishMe Reporter or forward it as an attachment.

Tips to detect phishing attacks

Submitted by Julianne Tolson
on Thursday, 10/26/17 - 8:38

Be suspicious of all requests – Ask is this real? User the following checklist to check for common signs of phishing messages.

  1. Message indicates urgent action is needed
  2. Message indicates negative consequences will occur if action is not taken
  3. Message is not expected
  4. Message sender is not known
  5. Message cannot be read without opening an attachment
  6. Message requests sensitive information be sent
  7. Message directs users to click here
  8. Message uses poor grammar and/or spelling
  9. Sender from: name does not match message signature
  10. Sender email address does not match organization name
  11. Sender email address is not exactly the same as real address
  12. Sender name is not listed in campus directory
  13. Department name shown in message does not match A-Z listing
  14. Web site address (URL) of linked site does not match organization
  15. Message was not sent using SF State approved servers

For more information please see: Information Security Awareness program for faculty and staff