2011-Computing Services ISO - Carnegie Mellon University


Tuesday, November 8, 2011

The ISO Celebrated National Cyber Security Awareness Month (NCSAM)

The Computing Services Information Security Office (ISO) hosted a number of events in observance of National Cyber Security Awareness Month during the month of October.

Featured events included classes on using the Identity Finder software and the pilot of a new security awareness program that will be offered online through the Open Learning Initiative (OLI). Staff members interested in participating in the pilot should contact the Information Security Office at iso@andrew.cmu.edu for the course access code.

Tuesday, November 8, 2011

Security Alert: Phishing Email: "Your [id@andrew.cmu.edu] Account is on Restriction"

The Computing Services Information Security Office (ISO) received numerous reports from Andrew users today of a phishing email with the subject "Your [id@andrew.cmu.edu] Account is on Restriction" from a sender address of Administrator <administrator@andrew.cmu.edu>. In response, the ISO blocked the response Web address and further relaying of the phishing messages. Administrators at the originating site have been notified.

Friday, April 8, 2011

Security Advisory: Epsilon Breach Could Increase Spear Phishing Attacks

Epsilon, a service provider that manages email communications for many companies, reported last week that it suffered a security breach that exposed names and email addresses for some of its clients' customers.

Although Epsilon has indicated that no other personally identifiable information was put at risk, the compromised information could be used to send spam, phish, or malware-infected email. Most concerning is a type of phishing known as "spear phishing," whereby a phisher exploits a trust relationship to convince you to supply sensitive data like your login ID and password, credit card data, or banking information. Your name, email, and the name of a company that you do business with provide all the ingredients for a successful spear-phishing attack.

Thursday, March 24, 2011

Security Advisory: Vendor Breach Results in Browser Updates

Earlier this week, Comodo, a service provider of Carnegie Mellon, experienced a security breach. According to details published by Comodo, this breach was the result of a compromised username and password that a customer used to access services. As a result of Comodo's detection and remediation, this breach does not impact security controls at Carnegie Mellon. While this security breach does not directly impact Carnegie Mellon, it could potentially impact services provided by Google, Microsoft Live, Mozilla, Skype and Yahoo, which were all targeted in this breach.

Tuesday, March 22, 2011

Mid-Semester Security Tips for Faculty and Staff

The Information Security Office would like to remind faculty and staff to follow a few security practices to minimize the risk and impact of computer and account compromises. Please read further for our Mid-Semester Security Tips for information on how to protect confidential information and University computing assets.

Monday, March 21, 2011

Security Reminders for Students

The Information Security Office welcomes you back from spring break and reminds you of a few important safe computing tips. Please read below to learn how to protect your confidential information and computing assets.

Thursday, March 3, 2011

Available now, NCSAM Presentations

During National Cyber Awareness Month (NCSAM) 2010, the ISO invited a number of local experts to present on security issues impacting the university. "Mobile Device Privacy" is a presentation by Professor Norman Sadeh from the School of Computer Science on how to protect your privacy when using a mobile device. Another interesting presentation was "How Cyberwar Impacts the University End User" by Timothy Shimeall, a Senior Member of the Technical Staff at the Software Engineering Institute. The presentation defines cyberwar and its effect on Carnegie Mellon community members.

For additional video training and presentations, please visit the ISO presentations webpage.


Request for Comment on ISO Guidance

The Information Security Office is kicking off a 2011 refresh of several guidance documents including the Guidelines for Data Classification, Guidelines for Data Protection and the Guidelines for Data Sanitization & Disposal. We are very interested in your feedback and suggestions as we work through this refresh cycle. If you've had the opportunity to leverage this guidance in your work over the last year or you simply have thoughts on how these documents can be matured, please send feedback to the ISO mailbox at iso@andrew.cmu.edu.