Take Action Today!

 

ASU Information Security Office

ASU Information Security Office's Mission:
 
Arizona State University’s Information Security Office is committed to preserving the availability, confidentiality, and integrity of its information resources while preserving and nurturing the open information-sharing requirements of its academic culture.

ASU Information Security Office's Vision:

  • Embed information security into the culture of ASU
  • Ensure alignment of the information security program to the University's mission
  • Increase visibility into the University’s security posture

Read More

2018 IT Risk Assessment Toolkit

Resources for addressing Risk Assessment corrective actions.

  • US-CERT Current Activity:
    The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
    http://www.us-cert.gov/ncas/current-activity/
  • Internet Crime Complaint Center (IC3):
    The Internet Crime Complaint Center (IC3) is an alliance between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). IC3’s mission is to address crime committed over the Internet.
    http://www.ic3.gov/media/default.aspx
  • Microsoft Security Bulletins:
    Microsoft security bulletins provide information & news about computer vulnerabilities and security updates to keep your computer protected.
    http://technet.microsoft.com/en-US/security/dn481339
  • Apple Security Updates:
    This document outlines security updates for Apple products.
    http://support.apple.com/kb/ht1222
  • Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin:
    This page lists announcements of security fixes made in Critical Patch Update Advisories and Security Alerts, and it is updated when new Critical Patch Update Advisories and Security Alerts are released.
    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Protecting Against Phishing

What is Phishing?

Phishing, in a nutshell, is the online version of a con-job. The perpetrators of phishing messages are essentially tech-savvy con-artists. In a phishing scam, these con-artists send out messages and emails that "look" legitimate, hoping to trick the unsuspecting user into giving out their personal information, including usernames and passwords, and allowing the perpetrator to conduct identity theft.

Read more

Security Training Compliance Note from ASU's Chief Information Security Officer

Submitted by meroman1 on November 16, 2018 - 11:49am

Colleagues,

ASU’s Annual Information Security Training is now due.  In an effort to achieve full compliance in 2019 ASU is implementing a password reset process for all faculty, staff, and student workers who have not yet completed this year’s training in accordance with Auditor General State IT Performance Audit division. Please see the detailed note below from the ASU Information Security Office.

Deans and Department Heads

Thousands of Smart Homes and Businesses at Risk of Data Breach

Submitted by meroman1 on September 4, 2018 - 2:47pm

Cybercriminals can now gain access to smart homes through misconfigured Message Queuing Telemetry Transport (MQTT) servers. The MQTT protocol is used to interconnect and control smart home devices via smart home hubs. Cybersecurity firm Avast found over 49,000 MQTT servers that were publicly visible on the Internet due to a misconfigured MQTT protocol. There were also about 32,000 servers that were not password protected. Severe security vulnerabilities may arise if the MQTT is not implemented or configured correctly.

NIST Small Business Cybersecurity Act Becomes Law

Submitted by meroman1 on September 4, 2018 - 2:45pm

U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, formerly known as the MAIN STREET Cybersecurity Act, into a law on August 14 this year. The law would require the National Institute of Standards and Technology (NIST) to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." The new law will attempt to provide the necessary tools to small businesses to strengthen their cybersecurity infrastructure as well as fight online attacks.