2011 News & Alerts Archive
The ISO Celebrated National Cyber Security Awareness Month (NCSAM)
The Computing Services Information Security Office (ISO) hosted a number of events in observance of National Cyber Security Awareness Month during the month of October.
Featured events included classes on using the Identity Finder software and the pilot of a new security awareness program that will be offered online through the Open Learning Initiative (OLI). Staff members interested in participating in the pilot should contact the Information Security Office at firstname.lastname@example.org for the course access code.
Security Advisory: Epsilon Breach Could Increase Spear Phishing Attacks
Epsilon, a service provider that manages email communications for many companies, reported last week that it suffered a security breach that exposed names and email addresses for some of its clients' customers.
Although Epsilon has indicated that no other personally identifiable information was put at risk, the compromised information could be used to send spam, phishing, or malware-infected email. Most concerning is a type of phishing known as "spear phishing," whereby a phisher exploits a trust relationship to convince you to supply sensitive data like your login ID and password, credit card data, or banking information. Your name, email, and the name of a company that you do business with provide all the ingredients for a successful spear-phishing attack.
Please read the entire advisory message on What You Need To Do at Security Advisory: Epsilon Breach Could Increase Spear Phishing Attacks.
Security Advisory: Vendor Breach Results in Browser Updates
Earlier this week, Comodo, a service provider of Carnegie Mellon, experienced a security breach. According to details published by Comodo, this breach was the result of a compromised username and password that a customer used to access services. As a result of Comodo's detection and remediation, this breach does not impact security controls at Carnegie Mellon. While this security breach does not directly impact Carnegie Mellon, it could potentially impact services provided by Google, Microsoft Live, Mozilla, Skype and Yahoo, which were all targeted in this breach.
Please read the entire advisory message on What You Need To Do at Security Advisory: Vendor Breach Results in Browser Updates.
Mid-Semester Security Tips for Faculty and Staff
The Information Security Office would like to remind faculty and staff to follow a few security practices to minimize the risk and impact of computer and account compromises. Please visit Mid-Semester Security Tips for information on how to protect confidential information and University computing assets.
Security Reminders for Students
The Information Security Office welcomes you back from spring break and reminds you of a few important safe computing tips. Please visit Security Reminders for Students to learn how to protect your confidential information and computing assets.
Available now, NCSAM Presentations
During National Cyber Security Awareness Month (NCSAM) 2010, the ISO invited a number of local experts to present on security issues impacting the university. "Mobile Device Privacy" is a presentation by Professor Norman Sadeh from the School of Computer Science on how to protect your privacy when using a mobile device. Another interesting presentation was "How Cyberwar Impacts the University End User" by Timothy Shimeall, a Senior Member of the Technical Staff at the Software Engineering Institute. The presentation defines cyberwar and its effect on Carnegie Mellon community members.
For additional video training and presentations, please visit the ISO presentations webpage.
Request for Comment on ISO Guidance
The Information Security Office is kicking off a 2011 refresh of several guidance documents including the Guidelines for Data Classification, Guidelines for Data Protection and the Guidelines for Data Sanitization & Disposal. We are very interested in your feedback and suggestions as we work through this refresh cycle. If you've had the opportunity to leverage this guidance in your work over the last year or you simply have thoughts on how these documents can be matured, please send feedback to the ISO mailbox at email@example.com.
Information Security Office Website Updates
Over the course of the next 3-6 months, the Information Security Office will be making a number of changes to its website in order to improve navigation, accessibility of information and the overall quality of information. If you have any comments or concerns regarding the current site or you would like to see new content added to the site, please send email to firstname.lastname@example.org.