Information Security

About Information Security: (Quick Link for this Page: )
OIT's Office of Information Security and Chief Information Security Officer (CISO) provide information security leadership, guidance, activities, and awareness to protect the confidentiality, integrity, and availability of the University's data, systems, and users.  See more on the About Information Security page (internal access only).  To report an issue, incident, or concern, contact the OIT Help Desk at (989) 774-3662.

Protecting Your CMich Account/Identity:
In additional to the controls implemented by OIT and Information Security to protect University data, systems, and users, individuals have a responsibility to protect themselves and their CMich accounts, access, and identities too.  This page contains links and advice (security awareness) to help. 

To Report a Security or CMich Account/Identity Issue, Incident, or Concern:

  • Contact the OIT Help Desk at (989) 774-3662.
  • In an Emergency, Contact the CMU Police at (989) 774-3081 or dial 911
  • To report a lost or stolen CMich device, call the Help Desk at (989) 774-3662
  • To report lost or stolen Personally Identifiable Information (PII), email

Information Security Quick Links:

Information Security Training:

Email Rules and Encryption:

  • Securing emails using [encrypt]:  To secure emails using encryption, add [encrypt] anywhere in the subject line (include the square-brackets).  We recommend adding it to the beginning of your subject lines so it doesn't get truncated, if forwarded.  NOTE: This is an Office 365 "transport rule" that changes the way the email gets sent, so test it yourself first, to be sure you know what to expect and what others will see, before you start using it.
  • Pop-Up Advice?  CMU has Office 365 rules to auto-detect and advise on securing SSN (Social Security Number) and other sensitive or Restricted information, when sending emails. You should always use encryption when transmitting any Restricted information. You may see this advice as a pop-up, or as a reply email too.

Phishing Simulations (Self-Phishing Exercises):

  • CMU has previously run limited-engagement phishing simulations (self-phishing exercises) as part of assessing social engineering risk and improving email security.  Beginning in Fall 2017, CMU will explore ongoing phishing simulations that may include groups of email users or all email users at CMU (including Alumni). These simulations will be conducted both to assess phishing risks, and to educate email users in what to watch out for, as well as how to best handle or react to phishes. 
  • If you suspect an email is a phish, send it to  A phishing email is a fake email trying to get you to click an attachment or link and give away your login or other confidential information. See our Phish & Chips section for more information and real phishing examples we've received.  And remember: verify it first, don't just click those links!
  • We recommend you not even open emails you weren't expecting and just delete them.  Or if you think they're spam or phishing, forward them to and/or flag them as junk.  Don't open them, don't click the links, but especially, don't submit your login credentials!  (Always check the link or form URL first, to make sure it's a link or form)

Blocked Websites and Links, and Blocked Email Addresses or Senders:

  • CMU has implemented a new, smart ("next generation") network firewall that includes continuously updating features that recognize and auto-block web sites (or clicked links to web sites) that are confirmed malicious or harmful.
  • CMU may also block sending to and receiving from email addresses known to be malicious, or trying to steal from or scam CMU email users (for instance, those sending ransomware or other viruses, those offering fake jobs in order to either steal your money or your private information, or those seeming to offer money or services designed to steal money from those who respond). See the Email Scams link at right for the notice about scammers.

Additional Information Security Awareness Topics (OUCH Newsletters from SANS):

Here are links to "OUCH" Security Awareness Newsletters (PDF files, English langauge versions.  You can also find these by searching the Internet for: SANS OUCH. Additional langauge versions available at the archive link, at the bottom of the list).  Note: these lnks all go to resources!