Information Security

About Information Security: (Quick Link for this Page: )
OIT's Office of Information Security and Chief Information Security Officer (CISO) provide information security leadership, guidance, activities, and awareness to protect the confidentiality, integrity, and availability of the University's data, systems, and users.  To report an issue, incident, or concern, contact the OIT Help Desk at (989) 774-3662.

Protecting Your CMich Account/Identity:
In additional to the controls implemented by OIT and Information Security to protect University data, systems, and users, individuals have a responsibility to protect themselves and their CMich accounts, access, and identities too.  This page contains links and advice (security awareness) to help. 

To Report a Security or CMich Account/Identity Issue, Incident, or Concern:

  • Contact the OIT Help Desk at (989) 774-3662.
  • In an Emergency, Contact the CMU Police at (989) 774-3081 or dial 911
  • To report a lost or stolen CMich device, call the Help Desk at (989) 774-3662

Information Security Quick Links:

Information Security Training:

Email Rules and Encryption:

  • CMU has Office 365 rules to auto-detect and advise on securing SSN (Social Security Number) and other sensitive or Restricted information, when sending emails.  To secure emails using encryption, add [encrypt] anywhere in the subject line (include the square-brackets).  We recommend adding it to the beginning of your subject lines. NOTE: This changes the way the email gets sent, so test it yourself first, to be sure you know what to expect and what others will see, before you start using it.

Phishing Simulations (Self-Phishing):

  • CMU has previously run limited-engagement phishing simulations (self-phishing exercises) as part of assessing social engineering risk and improving email security.  Beginning in Fall 2017, CMU will explore ongoing phishing simulations that may include groups of email users or all email users at CMU (including Alumni). These simulations will be conducted both to assess phishing risks, and to educate email users in what to watch out for, as well as how to best handle or react to phishes. 
  • If you suspect an email is a phish, send it to  A phishing email is a fake email trying to get you to click an attachment or link and give away your login or other confidential information. See our Phish & Chips section for more information and phishing examples.  And remember: don't click those links!

Additional Information Security Awareness Topics (OUCH Newsletters from SANS):

Here are links to "OUCH" Security Awareness Newsletters (PDF files, English langauge versions.  You can also find these by searching the Internet for: SANS OUCH. Additional langauge versions available at the archive link, at the bottom of the list):