Take Action Today!

 

ASU Information Security Office

ASU Information Security Office's Mission:
 
Arizona State University’s Information Security Office is committed to preserving the availability, confidentiality, and integrity of its information resources while preserving and nurturing the open information-sharing requirements of its academic culture.

ASU Information Security Office's Vision:

  • Embed information security into the culture of ASU
  • Ensure alignment of the information security program to the University's mission
  • Increase visibility into the University’s security posture

Read More

2017 IT Risk Assessment Toolkit

Resources for addressing Risk Assessment corrective actions.

  • US-CERT Current Activity:
    The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
    http://www.us-cert.gov/ncas/current-activity/
  • Internet Crime Complaint Center (IC3):
    The Internet Crime Complaint Center (IC3) is an alliance between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). IC3’s mission is to address crime committed over the Internet.
    http://www.ic3.gov/media/default.aspx
  • Microsoft Security Bulletins:
    Microsoft security bulletins provide information & news about computer vulnerabilities and security updates to keep your computer protected.
    http://technet.microsoft.com/en-US/security/dn481339
  • Apple Security Updates:
    This document outlines security updates for Apple products.
    http://support.apple.com/kb/ht1222
  • Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin:
    This page lists announcements of security fixes made in Critical Patch Update Advisories and Security Alerts, and it is updated when new Critical Patch Update Advisories and Security Alerts are released.
    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Protecting Against Phishing

What is Phishing?

Phishing, in a nutshell, is the online version of a con-job. The perpetrators of phishing messages are essentially tech-savvy con-artists. In a phishing scam, these con-artists send out messages and emails that "look" legitimate, hoping to trick the unsuspecting user into giving out their personal information, including usernames and passwords, and allowing the perpetrator to conduct identity theft.

Read more

Duo Two-Factor and Email

Submitted by vboragi on January 18, 2018 - 3:39pm

Duo Two-Factor authentication is coming to Active Directory Federation Services (ADFS), which includes ASU O365 Exchange email. When logging on to ASU O365 services, like Exchange email, Duo will prompt for a second authentication factor.  You will only be prompted to authenticate roughly every 90 days on email clients (e.g. Outlook)

Meltdown and Spectre

Submitted by mathom37 on January 5, 2018 - 8:49am

Security Researchers have discovered two hardware vulnerabilities involving CPU chips. The first vulnerability is called "Meltdown". Meltdown allows a program to access your system's memory, potentially exposing sensitive information such as username and passwords or application data. The second vulnerability found is called "Spectre". Spectre breaks down application isolation on your system. This break down allows an attacker to potentially access data across applications thus exposing data. It is recommended that you patch your system.

The Danger of IOT

Submitted by mathom37 on December 28, 2017 - 9:44am

You may have heard of the term "Internet of Things (IOT)" floating around. You probably have heard it so much that you are likely desensitized to the dangers that unsecured IOT present. A prominent Information Security Researcher has written an article about attacks that have been carried out with IOT and the harm they caused. If you were ever curious about how the IOT can be used for nefarious reasons, then click here for a great informative read.