This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.
Policy 109 Information Security Incident Reporting, Response, and Recovery
The policy communicates a planned and systematic approach to incident handling from reporting to recovery and analysis.
Policy 107 Information Technology Business Continuity and Disaster Recovery Planning
The policy communicates the expectations for developing, maintaining, and practicing risk-based plans for Information Systems Business Continuity (ISBC) and Information Systems Disaster Recovery (ISDR).
Policy 100 Information Security Program
The policy is the foundation of the policy library. It establishes the charge and mission of the Office of Information Security (OIS) to protect the Confidentiality, Integrity, and Availability (CIA) of information resources at Washington University in St. Louis (WashU).
Personal Device Security Policy
The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.
Password Policy
The policy and associated guidance provide direction for authentication to WashU systems and network.
Mobile Device Security Policy
The policy and associated guidance provide methods of protection for all mobile computing and storage devices that contain or access protected or confidential information resources at WashU.
Managing Access Policy
The policy and associated guidance provide a well-defined and organized approach to facilitate access being granted, managed, and reviewed based on the roles of each computer user while remaining compliant with regulatory mandates.
Electronic Messaging Security Policy
The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.
Access to Faculty or Staff Email, Files, or Systems Policy
The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.
Employee Follows Policy to Report Colonial Pipeline Attack
A little before 5 a.m. on May 7th, 2021, an employee at the Colonial Pipeline noticed a ransom note on their computer demanding cryptocurrency. This employee followed the company’s policies and procedures and immediately reported the situation. The Colonial Pipeline attack might be one of the largest and most impactful cyberattacks in history. It started when […]
Viruses
vi·rus /ˈvīrəs/ noun a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data Viruses are often spread by email, either by someone forwarding an infected document to another user or by self-propagating, automatically sending email to everyone in the infected computers […]
Revised and Updated Policies 2023
The Washington University in St. Louis Office of Information Security supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems and […]
Confidentiality
Revised and Updated Policies 2021
The Washington University Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Security threats today are constantly changing as cybercriminals try new tactics to steal and hold ransom user and institutional data. To adapt to changes in the information security landscape, the OIS […]
Guidance
Securing Devices Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device […]
Revised and Updated Policies 2020
The Washington University Office of Information Security maintains a sustainable information security program supporting the vital work of education, research, and clinical care while also protecting our systems and users’ security. We can only achieve strong information security for all if we each take personal responsibility for ensuring our systems’ security. We continuously improve our […]
Information Security FAQ
Your Information
in·for·ma·tion /infərˈmāSH(ə)n/ noun facts provided or learned about something or someone Think of your personal information—such as social security numbers, credit card numbers, medical information—as the furniture in your house. Your passwords are the keys to that house. Just as you would never leave your house keys unattended or leave your front doors unlocked, you […]
Identity Theft
i·den·ti·ty theft /ˌīˈden(t)ədē THeft/ noun the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain. Identity theft can is invasive and can cause damage to one’s finances, medical records and reputation. Practicing safe computing habits can help you protect your information and the personal information of our students, faculty, staff, […]
109 Information Security Incident Reporting, Response, and Recovery
List of requirements by impacted audience for Policy 109: Information Security Incident Reporting, Response, and Recovery
Meet Your Infosec Team: GRC Analyst Trainees
Our Governance, Risk, and Compliance (GRC) team is fortunate to have three GRC Analyst Trainees this summer who are assisting with various InfoSec efforts. We are excited to have them on our team and would like to introduce you to each of them. Lindsey Wichman Lindsey Wichman is currently majoring in Computer Science with a […]
Meet Your InfoSec Team: Clark Huskey, Information Security Analyst
Clark Huskey, Information Security Analyst III, started his journey in information security as an amateur radio broadcaster. In his youth, Clark tinkered with personal computers and radio broadcasting equipment. Specifically, his family used citizen band radios with a large antenna to broadcast their own bulletin board service, Silver Fox BBS, until someone hacked their broadcast. […]
The Dark Side of Cryptocurrency
The unfamiliarity and confusion surrounding cryptocurrency make it easier for cybercriminals to prey on their victims. Before explaining how a cybercriminal can exploit people for cryptocurrency, it helps to have a basic understanding of the technology. Bitcoin is one form of cryptocurrency in the same way that the Euro is one form of government-issued currency. […]
IT Procurement Vendor Intake Form
We use the IT Procurement Vendor Intake Form to collect pertinent information about prospective vendors and software platforms.
Security Spring Cleaning Top Five
Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also remember to clean […]
Better Protection with Encryption
Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]
How Can Higher Ed Better Prepare Cybersecurity Students for a Hot Job Market?
original post by Tom Humbarger, EDUCAUSE Behind every new report of a data breach, data leak, or computer hack is a company scrambling to put out the fire, which is great news for job seekers or soon-to-graduate students with cybersecurity skills. Unfortunately, this is bad news for most companies because there is currently an […]
Workspace ONE (formerly Airwatch)
As mobile devices become increasingly powerful tools, so does their use in the workplace. As the usage and capabilities gaps between mobile devices and traditional computers continue to widen, we must begin to think more strategically about security for each tool, separately. This means taking the steps necessary to protect mobile devices, minimizing the risk […]
Mobile Devices
mo·bile de·vice /ˈmōbəl dəˈvīs/ noun a portable computing device such as a smartphone or tablet computer The convenience of being able to access information from any internet-connected device is great. We now have a culture where people can access their work, school, medical and personal information at any time using a smartphone or tablet. Vulnerabilities in […]
Cyber Threat
cy·ber·threat /ˈsībər THret/ noun the possibility of a malicious attempt to damage or disrupt a computer network or system Cyber threats can happen in many ways. Some of the most common attacks are: Cyber threats can result in a number of cyber crimes (online identity theft, financial fraud, stalking, bullying, hacking, email spoofing, information piracy, […]
Report an Incident
Information security incidents have the potential to affect the confidentiality, availability and/or integrity of the computer equipment or data at WashU. According to CERT, a security incident can have the following definitions: Immediately contact Information Security Office at 314-747-2955 if you suspect a security incident has occurred. How do I report a lost or stolen […]
Lost Device
Theft is the most common crime on college campuses. Laptop and other portable electronic devices are easy targets. In addition to the cost of replacement, they often have personal information and data that can be difficult or impossible to recover and protect. Losing a cell phone, tablet or laptop can happen in an instant but could […]
Documents
Document /ˈdä-kyə-mənt/ noun a computer file containing information input by a computer user and usually created with an application (such as a spreadsheet or word processor) In the course of a year, WashU students, faculty and staff create millions of electronic documents related to the academic, research, clinical and/or administrative work done at the university. Not all of […]
Travel
Traveling with WashU information presents security concerns. Encrypted devices help to reduce the risk of loss or theft of private or proprietary information. The Information Security Office can help you to encrypt your devices before scheduled travel. And Washington University Information Technology provides loaner laptops for WashU faculty and staff that have registered on the Travel […]