Computer Security for Student Affairs Data Coordinators
The following information is provided to help the Data Coordinators understand the computer security requirements of San Diego State University and the Division of Student Affairs. Use this information to review your department's computer security and implement any needed changes.
Each department is responsible for implementing procedures to protect their electronic data and computer hardware from theft, loss, or corruption.
Security Topics:
Software Patches
Anti-Malware Information
Notification
Vulnerability Assessment
System Compromises
Other Security Issues
Security Links
Campus Computing Policies
Software Patches
Software vendors frequently releases patches for vulnerabilities that are discovered in their software. Some of the most critical vulnerabilities can enable an unauthorized user to take control of the system. It is critical that every computer in Student Affairs has all current patches installed!
Anti-Malware Information
- Malware definition should be scheduled to update daily.
- Avoid opening files attached to email unless you know their source or requested the file.
- Don't run files directly from the Internet (it's safer to save them to disk first and then run them).
- You can analyze suspicious files with VIRUSTOTAL.
Notification
To keep current on the latest security issues and vulnerabilities subscribe to the lists below:
- Microsoft Security Bulletins: For the latest information from Microsoft.
- SANS@RISK: This site summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them.
- CERT Vulnerability Notes Database: Provides information about software vulnerabilities..
Vulnerability Assessment
For Microsoft operating systems the Baseline Security Advisor can perform local or remote scans of Windows systems. It will scan for common system misconfigurations and weaknesses.
Download Microsoft Baseline Security Advisor
System Compromises
Server log files should be reviewed daily in order to discover suspicious activities and other system problems as soon as they occur.
If you believe that a system has been compromised, you should:
- Immediately unplug the network cable in order to remove the system from the network.
- Notify the department director immediately.
- Contact Technology Services team immediately.
- Use our Student Affairs IT Work Requests system to submit your request to have your PC checked.
If you believe your email account has been compromised:
- Contact the ETS Helpdesk immediately.
- Notify Technology Services of the incident.
If you believe your email you have been targetted for Phishing attacks, follow these instructions (SDSUid login required) to report it to ETS Helpdesk.
Other Security Issues
- Make sure that every user account has a strong password.
- Warn your users about how to avoid Social Engineering.
Security Links
- Microsoft Security Response Center
- Microsoft TechNet
- Mitigate threats by using Windows 10 security features