Cyber Security Pledge-Computing Services ISO - Carnegie Mellon University

Cyber Security Pledge



Stay Cyber Security Aware

  • Your security is your responsibility. Keep in the know about security issues. Visit
  • Subscribe to Computing Services Security Mailing List or read the Headlines Portlet
  • Know who you are dealing with online.
  • Review End User License Agreements and Privacy Policies of businesses to find out what you are getting into before it is too late.
  • "Think Before You Click" - Download software only from trusted sources.

Use Strong Passwords

  • See Managing Your Andrew ID and Password at Carnegie Mellon University for details on selecting and managing a strong password.
  • Memorize your login id and password. Never write your password down or give it to anyone.
  • Change your password frequently. At a minimum every 180 days but 60 to 90 days is ideal.
  • Use a password that is unique and doesn't contain personal information and is not similar to your login id.

Beware of Email Attachments

  • Think Before you Click
  • Never open unexpected email attachments. If in doubt, verify authenticity using the KRESV tests, by phone, or a new email to the sender.
  • Never click on attachments or links sent to you in SPAM messages. Many contain viruses, Trojans, and worms as well as track active email addresses for future mailings.
  • Be on the look out for Phishing emails. Phishers send spam or pop-up messages claiming to be from a business or organization that you might deal with, for example, an Internet service provider (ISP), bank, online payment service, or even a government agency, hoping to steal your account names and passwords.
  • Review Securing Your Computer General Practices for more details.

Use Automatic Software Update

  • As security vulnerabilities are discovered, vendors work to release software patches to close these holes. These patches are available for download at software vendors' sites.
  • Due to the number of patches developed in a relatively short span of time, it can become quite cumbersome to manage patches manually.
  • One of the easiest ways to keep your software current with respect to security flaws is by enabling automatic updates on your computer.
  • Configure your computer to load Operating System (Windows XP & Mac OS X) security updates automatically

Use Anti-Virus Software

  • Carnegie Mellon Computing Services provides Norton/Symantec Anti-Virus Corporate Edition free to every student, staff, and faculty member. Download it from MyAndrew
  • At least a hundred new viruses are discovered each month. If your anti-virus software is not updated regularly, you are not protected from the latest viruses.
  • Set your anti-virus software to update itself automatically everyday: Mac or Windows

Run Anti-Phishing Phil

  • Anti-Phishing Phil teaches you how to identify phishing URLs, where to look for phish clues in web browsers, and how to use search engines to find legitimate sites.

Enable a Personal Firewall

  • New security vulnerabilities in the Windows and Mac operating systems are discovered every month. Sometimes hackers know and are using the security holes before the software vendors can release patches to fix them.
  • Enable the basic firewall in your operating system to provide protection from unpatched security holes.
  • On Windows XP, enabling the built-in firewall is easy once you install SP2. Install SP2 if you do not already have it. Then check that your firewall is enabled.

Monitor My Bandwidth Usage

  • Everything you do online consumes bandwidth. Whether it be reading email, browsing web pages, sending IMs, playing online video games, listening to online music, watching video streams, making internet telephone calls, or downloading/uploading files to friends, you are sharing in a restricted resource.
  • Those who consume too much bandwidth degrade the usability of our network for everyone.
  • If you use too much bandwidth, Computing Services just might revoke your access for 45 days. Review the limits: Wired Guideline & Wireless Guideline
  • Learn how bandwidth limits are enforced at Carnegie Mellon
  • Monitor bandwidth consumption for all your machines at once using

Not Share Copyrighted Materials

  • You might not like it, but copyrighted materials are protected by law. We all HAVE to obey the laws.
  • It is illegal to share copyrighted material for which you do not have written distribution permission.
  • Many organizations are actively scanning for copyright violations and will take legal action against you.
  • Review our Copyright Violation Guidelines for more details.

Physically Secure My Computer(s)

  • Use screen saver passwords. Never leave your computer unattended and un-password protected. Identity theft only takes seconds.
  • Consider purchasing a cable lock for laptops. Unsecured laptops are easy targets for a would be thief.
  • Always lock your doors and keep an eye on your computer(s) to avoid physical theft and identity theft.
  • If you share your computer with friends, keep an eye out for what they might be doing to your computer (and as your identity).
  • When you are done using a shared computer, make sure you logout.
  • When visiting websites that require you to login, make sure you logout when you are done.
  • Watch out for shoulder surfing! Make sure no one is watching you enter your account name and password.