About Information Security: (Quick Link for this Page: it.cmich.edu/security )
OIT's Office of Information Security and Chief Information Security Officer (CISO) provide information security leadership, guidance, activities, and awareness to protect the confidentiality, integrity, and availability of the University's data, systems, and users. To report an issue, incident, or concern, contact the
OIT Help Desk at (989) 774-3662.
Protecting Your CMich Account/Identity:
In additional to the controls implemented by OIT and Information Security to protect University data, systems, and users, individuals have a responsibility to protect themselves and their CMich accounts, access, and identities too. This page contains links and advice (security awareness) to help.
To Report a Security or CMich Account/Identity Issue, Incident, or Concern:
- Contact the
OIT Help Desk at (989) 774-3662.
In an Emergency, Contact the
CMU Police at (989) 774-3081 or dial 911
To report a lost or stolen CMich device, call the Help Desk at (989) 774-3662
Information Security Quick Links:
Information Security Training:
Email Rules and Encryption:
- What is [External] email? - OIT has been experiementing with labelling emails originating from outside the University, by adding [External] to the subject line on the incoming messages. This will help recipients recognize spam/phish emails more easily.
- Pop-Up Advice? CMU has Office 365 rules to auto-detect and advise on securing SSN (Social Security Number) and other sensitive or Restricted information, when sending emails. You may see this advice as a pop-up, or as a reply email too.
- Securing emails using [encrypt]: To secure emails using encryption, add [encrypt] anywhere in the subject line (include the square-brackets). We recommend adding it to the beginning of your subject lines so it doesn't get truncated if forwarded. NOTE: This changes the way the email gets sent, so test it yourself first, to be sure you know what to expect and what others will see, before you start using it
Phishing Simulations (Self-Phishing):
has previously run limited-engagement phishing simulations (self-phishing exercises) as part of assessing social engineering risk and improving email security. Beginning in Fall 2017, CMU will explore ongoing phishing simulations that may include groups of email users or all email users at CMU (including Alumni). These simulations will be conducted both to assess phishing risks, and to educate email users in what to watch out for, as well as how to best handle or react to phishes.
- If you suspect an email is a phish, send it to firstname.lastname@example.org. A phishing email is a fake email trying to get you to click an attachment or link and give away your login or other confidential information. See our Phish & Chips section for more information and phishing examples. And remember: don't click those links!
Additional Information Security Awareness Topics (OUCH Newsletters from SANS):
Here are links to SANS.org "OUCH" Security Awareness Newsletters (PDF files, English langauge versions. You can also find these by searching the Internet for: SANS OUCH. Additional langauge versions available at the archive link, at the bottom of the list):