Information Security Office (ISO)
The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.
News & Alerts
Security Advisory: OpenSLL "Heartbleed Bug" may disclose sensitive information
Announced on April 7, 2014, a security vulnerability called Heartbleed allows attackers to collect information that is expected to be encrypted including encryption keys, session cookies, credit card numbers, passwords, and social security numbers. Computing Services Information Security Office (ISO) is actively scanning CMU's network for vulnerable hosts, monitoring for evidence of attack and compromise, and responding to impacted individuals accordingly. University vendors are also being assessed.
For detailed information about this advisory and What You Need To Do, please visit Security Advisory: OpenSLL "Heartbleed Bug" may disclose sensitive information.
ISO Releases its 2014 - Security 101 Training Course
The 2014 - Security 101 training course was developed by Carnegie Mellon's Information Security Office (ISO) to raise awareness about Carnegie Mellon's information security policies and guidelines, data classification, roles and responsibilities, information security risks, and techniques for safeguarding institutional data and information systems.
For instruction on how you can access the 2014 - Security 101 course, please visit Security 101 Training and Awareness Program.
Security Advisory: Upgrade Now - Windows XP Support Ends April 8
Microsoft plans to end support for Windows XP on April 8, 2014. There have been a number of advisories from various sources indicating that shortly after the end of support, a rash of malware and exploits will be released targeting the XP operating system. Accordingly, the Information Security Office (ISO) will begin scanning for XP computers on campus or connected to campus services on Thursday, March 20, 2014.
For information on the security advisory and on What You Need to Do, please read the entire security advisory message on Upgrade Now - Windows XP Support Ends April 8.
Security Alert: Hewlett Packard (HP) Phone Scam
Several university staff members reported receiving phone calls where individuals asked for their "HP number". When questioned, the caller typically hangs up. While "HP number" is unclear, it is possible that they are looking for the printers IP address, which might provide the scammer with remote access to the printer.
For information on the security alert and on What You Need to Do, please read the entire security alert message on Hewlett Packard (HP) Phone Scam.
Lessons from Recent Security Breaches
Several recent high profile vulnerabilities and security breaches serve as reminders of the importance of reporting concerns, staying up to date with security patches, remaining vigilant to scams, and other good security practices, both on campus and at home.
To access the announcement with detailed information and resources, visit Lessons from Recent Security Breaches.
Security Advisory: CryptoLocker Malware Restricts Access to Computer Files
Malware known as CryptoLocker" is affecting Windows computers across the Internet and here on campus. Cryptolocker encrypts the infected computer’s documents so that they are no longer usable and then displays a webpage demanding payment to restore them. It can encrypt files located on shared network drives, USBs, external hard drives and even cloud storage drives.
For information on the security advisory and on What You Need to Do, please read the entire security advisory message on CryptoLocker Malware Restricts Access to Computer Files.
Focusing on Mobile Device Security during 2013 NCSAM
In observance of 2013 National Cybersecurity Awareness Month, the Information Security Office (ISO) held a Mobile Device Security event on October 3rd, 2013 at the UC Rangos from 11:00 a.m. to 5:00 p.m. At the event, mobile carriers, vendors, researchers, the ISO and other University entities exhibited their mobile devices and demonstrated security and privacy configurations, answered questions, provided training material, discussed research reports, and shared security solutions.
Information on the event, participating entities, prizes and more is available at Focusing on Mobile Device Security during 2013 National Cybersecurity Awareness Month (NCSAM) .