SF State's Information Security Program covers multiple facets of protecting information assets, whether they are recorded digitally, on paper, or through other media. Following SF State's Information Security policies and procedures is critical to helping protect you and the University.
Security breaches of confidential or sensitive data have potentially serious consequences: for the person whose confidential information is compromised and for the University, which is accountable for upholding federal and state laws as well as CSU orders and regulations. In addition, individuals involved in unauthorized disclosure of information (even when accidental) may be subject to disciplinary and/or civil action.
Guides
- Information Security Awareness program for faculty and staff
- Technology Acquisition Review (TAR)
- Administrative Account Access Control
- Digital Certificates
- Encryption and Removal of Confidential Data
- Erasing and Disposing of Media
- Remote Connections
- Handling Paper Records
- Protecting Your Computer
- Reporting a Security Incident or Vulnerability
- Offsite Backup Media Rotation Program
- Logging and Threat Management
- DCMA Complaints
Practice Directives
- Analog Modem Security and Requests
- Confidential Data
- Credit Card Payment Processing and PCI Security
- Logging and Threat Management
- Password
- Reporting an IT Security Incident or Vulnerability
- Responsible Use Policy (RUP)
- Safeguarding Information
- Secure E-Waste and Paper Disposal
- Server Security
- SF State "Red Flag" Program
- Web Application Development and Security
Related Announcement
Security Awareness Campaign
Submitted by Tuan Do
on Friday, 10/19/18 - 16:45
See the Security Campaign Awareness Page
Meltdown and Spectre security vulnerabilities
Submitted by Julianne Tolson
on Tuesday, 1/9/18 - 10:45
Meltdown and Spectre are security vulnerabilities caused by processor code design flaws that affect most computing devices produced since 1995. These flaws could result in unauthorized disclosure of information to an attacker.
Hardware, operating system, and application manufacturers are reviewing how these vulnerabilities affect their products and many are issuing security updates and patches to block the vulnerability. Some updates are already available, others are scheduled to be released later in January 2018. For more information see: Security Awareness – Meltdown and Spectre security vulnerabilities
Phishing training
Submitted by Julianne Tolson
on Friday, 10/27/17 - 14:43
Simulated phishing messages will be sent to faculty and staff who use the SF State Exchange server. If you receive real or simulated phishing messages report it using PhishMe Reporter or forward it as an attachment.
Tips to detect phishing attacks
Submitted by Julianne Tolson
on Thursday, 10/26/17 - 8:38
Be suspicious of all requests – Ask is this real? User the following checklist to check for common signs of phishing messages.
- Message indicates urgent action is needed
- Message indicates negative consequences will occur if action is not taken
- Message is not expected
- Message sender is not known
- Message cannot be read without opening an attachment
- Message requests sensitive information be sent
- Message directs users to click here
- Message uses poor grammar and/or spelling
- Sender from: name does not match message signature
- Sender email address does not match organization name
- Sender email address is not exactly the same as real address
- Sender name is not listed in campus directory
- Department name shown in message does not match A-Z listing
- Web site address (URL) of linked site does not match organization
- Message was not sent using SF State approved servers
For more information please see: Information Security Awareness program for faculty and staff