WEBINAR: Exciting Days in the Office of Information Security with CISO, Chris Shull

Curious about attempted cybercrime at WashU? Join our webinar to learn about how WashU protects its users and systems from online threats. Chris Shull, Chief Information Security Officer, will talk about the comprehensive preventive, detective, and responsive defenses we are building in response to the wide range of Information Security challenges we face. One […]

The Office of Information Security (OIS) is Your Ally in the Cybercrime Arms Race

Educational institutions such as WashU are prime targets for cybercriminals who use ever-evolving tactics to infiltrate systems, steal data, block access, and demand ransoms under the threat that they will publish sensitive data online. Universities operating medical centers are especially vulnerable, as they manage large amounts of sensitive patient health data. According to the Ponemon Institute, […]

Meet Your Infosec Team: Chief Information Security Officer, Chris Shull

On June 1, 2021, Chris Shull assumed the role of Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to WashU from Huron Consulting Group, which is working on several other projects at WashU. Chris has joined Joe Susai, the CISO for the School of Medicine, and Kevin Hardcastle, Associate CISO […]

Introducing Interim Chief Information Security Officer, Chris Shull

In September, Chris Shull assumed the role of Interim Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to us from Huron Consulting Group, which is working on several other projects at WashU. Kevin Hardcastle has stepped back from the CISO role, and is working diligently with Chris to advance the […]

Meet Joe Susai, WUSM Chief Information Security Officer

The Office of Information Security will host a webinar featuring one of our newest IT leaders on the School of Medicine campus, Joe Susai, WUSM chief information security officer (CISO). Susai will share remarks about his new role at the medical school and how he will work with WashU CISO, Kevin Hardcastle, to provide strong […]

WEBINAR: Meet Joe Susai, WUSM Chief Information Security Officer

The Office of Information Security will host a webinar featuring one of our newest IT leaders on the School of Medicine campus, Joe Susai, WUSM chief information security officer (CISO). Susai will share remarks about his new role at the medical school and how he will work with WashU CISO, Kevin Hardcastle, to provide strong […]

Keeping Information Security Simple – “Denial is not a river in Egypt!” 

Letter from the CISO, Vol 3 Issue 10. Washington University Community: Criminals keep inventing new con attacks. I recently saw a news report about a Mexican drug cartel that has gotten into the business of helping elderly Americans get out of the timeshare vacation contracts. This sounds like a good thing. Unfortunately, it is just […]

Keeping Information Security Simple – “Using Code Words to Defeat the AI Menace”

Letter from the CISO, Vol 3 Issue 9. Washington University Community: Artificial Intelligence is a tool. Artificial Intelligence, or AI, has received a lot of attention and interest over the past year, primarily due to the great advances in productivity and quality it seems to promise. WashU IT is excited to be helping the university […]

Security Tips for Spring Break

Spring Break is right around the corner, and many in the WashU community will be traveling for conferences, studying away, researching elsewhere, visiting family, or just going somewhere relaxing. No matter where you go, your smartphone will undoubtedly be at your side. These handy devices have become our constant companions for just about anything you […]

Keeping Information Security Simple – “New Year’s Resolution – Innovate Your Password Management”

Letter from the CISO, Vol 3 Issue 8. Washington University Community: New Year – New Password Discipline. “Password Discipline” certainly sounds like the kind of New Year’s resolution that will be abandoned within 24 hours. But it truly needs to be on everyone’s list. Good password management is critical for protecting yourself, your family, and […]

Meet Your InfoSec Team: Nick Fredrick, GRC Security Analyst 

Nick Fredrick, GRC Security Analyst I, is one of the newest additions to the Office of Information Security. After earning his bachelor’s degree in computer information systems from St. Louis University, Nick interned for our Governance Risk and Compliance (GRC) team, where he was eventually hired as a full-time analyst. Throughout his time at WashU, […]

Protecting against cybersecurity risks with Microsoft 365 A5 security

WashU uses tools from the Microsoft 365 A5 security suite to detect and respond to cybersecurity threats. Most of the tools in the suite are designed to work behind the scenes so that students, faculty, and staff are not interrupted by the security features. Here is a brief overview of Microsoft 365 A5 tools and […]

Keeping Information Security Simple – “The Preparedness Paradox”

Letter from the CISO, Vol 3 Issue 6. Washington University Community: Problems in WashU paradise. Sometimes, I think working at WashU is a bit like being in paradise. November is a time to reflect on things we are grateful for, and this includes working in a safe and welcoming culture. But even the Garden of […]

Security Guidance for Automatic Transcription Services

Many WashU community members create audio and video recordings in research, during meetings, while attending lectures, and in other circumstances. These recordings can be indispensable to a project because they document what was said with perfect fidelity for future reference and analysis. A transcript of the recording is even more helpful, making it easy to […]

Keeping Information Security Simple – “They Keep Raising the Bar”

Letter from the CISO, Vol 3 Issue 5. Washington University Community: It doesn’t seem fair… Last month I wrote about how the “right phish at the wrong time can catch anyone.” And this month, despite the fact it is Cybersecurity Awareness Month, we’ve had to deal with a wide range of innovative attacks against us […]

Cybersecurity Awareness Month 2023 Recap

Cybersecurity Awareness Month 2023 is coming to a close. This year, we hosted three webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of original content authored by WashU’s Office of Information Security.  Below, you will find a recap of some of the key […]

Keeping Information Security Simple – “The Right Phish at the Wrong Time Can Catch Anyone”

Letter from the CISO, Vol 3 Issue 4 Washington University Community: How likely are you to click? A few years ago, I advised a company to conduct its first email phishing simulation, otherwise known as a “phish test.” The systems administrator enthusiastically crafted a test message that used a logo from the company’s website, included […]

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October.  All month long, we are promoting these key behaviors to encourage every employee to take […]

Learn About Cybersecurity and Win Big This October

The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can submit several entries to win up to $1,000 in BearBucks. Beginning September 28th, we will release three episodes of “The Inside Man,” a soap opera-style training that covers critical cybersecurity themes. Every Friday until […]

WEBINAR: Cyber Security for Research with Kevin Hardcastle

Are you a researcher, research coordinator, or support staff member who receives federal grants and contracts to conduct research? There has been a lot of overhead placed on researchers and institutions to comply with new government requirements for cybersecurity controls. This presentation will discuss many of the pending cybersecurity requirements for academic research, how they will impact […]

Keeping Information Security Simple – Who’s your cyber security buddy?

Letter from the CISO, Vol 3 Issue 3 Washington University Community: Welcome (back) to school! A friend recently shared that her son was assigned a roommate with whom he seems to have nothing in common. They’ve recognized and embraced their differences and are enjoying better, richer experiences because of it. This made me think that […]

Keeping Information Security Simple – Game On: Spear Phishing and Pre-Texting – our best against the ‘best’ from malicious actors  

Letter from the CISO, Vol 3 Issue 2. Washington University Community: Is our best good enough? In the battle against malicious cyber actors, we are constantly challenged by more clever and sophisticated attacks. For example, for several years after we implemented DUO 2-Factor Authentication (2FA), the number of successful account-compromise attacks dropped to almost zero. […]

Keeping Information Security Simple – Chocolate v. Kale and the Importance of Reporting Information Security Mistakes

Letter from the CISO, Vol 3 Issue 1 Washington University Community: Do you like chocolate more than kale? Of course! In a recent keynote presentation at the Gartner Security and Risk Management Summit, Mary Mesaglio, a Managing Vice President who leads Gartner’s Executive Leadership Dynamics team, discussed the importance of getting people to care about […]

Keeping Information Security Simple – InfoSec Requires Advanced Preparation

Letter from the CISO, Vol 2 Issue 12 Washington University Community: Are cyber threats like pop quizzes? I was recently asked, “How are cyber threats like pop quizzes?” I’ve realized this is an interesting question, but not in the way I originally thought. Initially, I thought of reasons they were similar. They are unexpected, test […]

Personal Device Security Policy

The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.

Mobile Device Security Policy

The policy and associated guidance provide methods of protection for all mobile computing and storage devices that contain or access protected or confidential information resources at WashU.

Infrastructure Security Policy

The policy and associated guidance provide the WashU computing community directives to help ensure integrity, confidentiality, and availability of information and provide a safe computing environment. All network assets, systems, computing devices, services, and operating personnel will be in scope for this policy. This includes network infrastructure components, network management and service systems, WashU faculty, staff, and students.

Information Security Risk Management Policy

The policy and associated guidance provide a common methodology and organized approach to Information Security risk management, whether based on a regulatory compliance requirement or a threat to the university.

Information Security Policy

The policy and associated guidance provide management direction and support for the information security program in accordance with university requirements, relevant laws, and regulations.

Information Classification Policy

The policy and associated guidance provide the identification and classification of information created, stored, and/or transmitted.

Electronic Messaging Security Policy

The policy and associated guidance provide direction for electronic messages (i.e., email, chat, and other electronic messages) containing WashU confidential and/or protected information.

Application Security Policy

The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Based on the project requirements, applications are developed in-house, with a third party, or as commercial off-the-shelf (COTS) software. This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.

Keeping Information Security Simple – Congratulations: You are a Risk Manager and a Systems Administrator – Know It or Not, Like It or Not

Letter from the CISO, Vol 2 Issue 11. Washington University Community: With Great Power Comes Great Responsibility. As Uncle Ben in Spiderman said to the young Peter Parker, “with great power comes great responsibility.” Thinking back to the way I learned to program computers in high school by writing FORTRAN code onto paper by hand, […]

Keeping Information Security Simple – Top Ten Social Engineering Techniques

Letter from the CISO, Vol 2 Issue 10 Washington University Community: I often encourage everyone to “be vigilant, skeptical, and a little paranoid,” and I usually provide a few pointers on things to watch out for and what to do when (if) you see them. Which Half Are You In? A recent report concluded that […]

InfoSec Alert: LastPass Security Breach

On December 22nd, 2022, LastPass notified their customer base of a cybersecurity incident that put customer data and passwords at risk. This incident occurred in November of 2022. Bad actors could potentially possess encrypted user data that includes “usernames, passwords, secure notes, and form-filled data,” according to LastPass. While in possession of this data, the bad […]

Keeping Information Security Simple – Your Internet Bodyguard

Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]

Meet Your InfoSec Team: Victor Tinsley, GRC Security Analyst

Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes […]

Keeping Information Security Simple – You’re smart and getting smarter, but…

Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]

Cybersecurity Awareness Month 2022 Recap

Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s Office of Information Security. Competition: Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]

Cybersecurity Awareness Month: Ransomware

Ransomware is malicious software that renders data and systems unusable until the targeted individual or organization pays a ransom. Find out more at Ransomware | Office of Information Security | Washington University in St. Louis (wustl.edu). Cybersecurity Awareness Month Test Your Knowledge Competition: We invite you to show us what you know by entering our […]

Cybersecurity In The Home: 3 Steps Households Can Take

The COVID-19 pandemic forced millions of Americans to embrace working from their own home – a concept most had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those surveyed would like to continue working from home […]

Keeping Information Security Simple – It’s All About “The Hook”

Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]