Information Security

About Information Security: (Quick Link for this Page:  it.cmich.edu/security )
OIT's Office of Information Security and Chief Information Security Officer (CISO) provide information security leadership, guidance, activities, and awareness to protect the confidentiality, integrity, and availability of the University's data, systems, and users.  To report an issue, incident, or concern, contact the OIT Help Desk at (989) 774-3662.

Protecting Your CMich Account/Identity:
In additional to the controls implemented by OIT and Information Security to protect University data, systems, and users, individuals have a responsibility to protect themselves and their CMich accounts, access, and identities too.  This page contains links and advice (security awareness) to help. 

To Report a Security or CMich Account/Identity Issue, Incident, or Concern:

  • Contact the OIT Help Desk at (989) 774-3662.
  • In an Emergency, Contact the CMU Police at (989) 774-3081 or dial 911
  • To report a lost or stolen CMich device, call the Help Desk at (989) 774-3662olem
  • To report lost or stolen Personally Identifiable Information (PII), email security@cmich.edu

Information Security Quick Links:

Information Security Training:

Email Rules and Encryption:

  • Securing emails using [encrypt]:  To secure emails using encryption, add [encrypt] anywhere in the subject line (include the square-brackets).  We recommend adding it to the beginning of your subject lines so it doesn't get truncated, if forwarded.  NOTE: This is an Office 365 "transport rule" that changes the way the email gets sent, so test it yourself first, to be sure you know what to expect and what others will see, before you start using it.
  • Pop-Up Advice?  CMU has Office 365 rules to auto-detect and advise on securing SSN (Social Security Number) and other sensitive or Restricted information, when sending emails. You should always use encryption when transmitting any Restricted information. You may see this advice as a pop-up, or as a reply email too.

Phishing Simulations (Self-Phishing Exercises):

  • CMU has previously run limited-engagement phishing simulations (self-phishing exercises) as part of assessing social engineering risk and improving email security.  Beginning in Fall 2017, CMU will explore ongoing phishing simulations that may include groups of email users or all email users at CMU (including Alumni). These simulations will be conducted both to assess phishing risks, and to educate email users in what to watch out for, as well as how to best handle or react to phishes. 
  • If you suspect an email is a phish, send it to spambusters@cmich.edu.  A phishing email is a fake email trying to get you to click an attachment or link and give away your login or other confidential information. See our Phish & Chips section for more information and phishing examples.  And remember: verify it first, don't just click those links!

Additional Information Security Awareness Topics (OUCH Newsletters from SANS):

Here are links to SANS.org "OUCH" Security Awareness Newsletters (PDF files, English langauge versions.  You can also find these by searching the Internet for: SANS OUCH. Additional langauge versions available at the archive link, at the bottom of the list):