Letter from the CISO, Vol 2 Issue 11 Washington University Community: With Great Power Comes Great Responsibility As Uncle Ben in Spiderman said to the young Peter Parker, “with great power comes great responsibility.” Thinking back to the way I learned to program computers in high school by writing FORTRAN code onto paper by hand, […]
Keeping Information Security Simple – Top Ten Social Engineering Techniques
Letter from the CISO, Vol 2 Issue 10 Washington University Community: I often encourage everyone to “be vigilant, skeptical, and a little paranoid,” and I usually provide a few pointers on things to watch out for and what to do when (if) you see them. Which Half Are You In? A recent report concluded that […]
InfoSec Alert: LastPass Security Breach
On December 22nd, 2022, LastPass notified their customer base of a cybersecurity incident that put customer data and passwords at risk. This incident occurred in November of 2022. Bad actors could potentially possess encrypted user data that includes “usernames, passwords, secure notes, and form-filled data,” according to LastPass. While in possession of this data, the bad […]
Keeping Information Security Simple – Your Internet Bodyguard
Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]
Meet Your InfoSec Team: Victor Tinsley, GRC Security Analyst
Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes […]
Keeping Information Security Simple – You’re smart and getting smarter, but…
Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]
Cybersecurity Awareness Month 2022 Recap
Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s office of Information Security. Competition Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]
Cybersecurity Awareness Month: Ransomware
Ransomware is malicious software that renders data and systems unusable until the targeted individual or organization pays a ransom. Find out more at Ransomware | Office of Information Security | Washington University in St. Louis (wustl.edu). Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our […]
Cybersecurity In The Home: 3 Steps Households Can Take
The COVID-19 pandemic forced millions of Americans to embrace working from their own home – a concept most had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those surveyed would like to continue working from home […]
Keeping Information Security Simple – It’s All About “The Hook”
Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
Security Resources for Faculty and Researchers
The Office of Information Security (OIS) supports WashU’s mission of excellence in teaching, research, and patient care by assessing the security of the tools our community uses every day to do our work. Faculty and researchers often have specific needs for secure storage and communication services and unique needs for tools that aid student engagement, […]
Win Up To $1,000 in Our Cybersecurity Awareness Month Test Your Knowledge Competition
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in our efforts. For this year’s Cybersecurity Awareness Month, we broadened the range of topics covered by our knowledge test, and we increased our prize amounts accordingly. We hope that taking this quiz and playing the […]
WEBINAR: Security in Research with Michael Mayer
Do you want to know how security plays into research at WashU? Please join Michael Mayer, Information Security Analyst III, with the Office of Information Security, and bring your questions about how to secure your research. Mark your calendars and join us via Zoom on October 11 at 12 pm CST. This webinar is exclusively […]
Meet Your InfoSec Team: Greg Whipple, Information Security Analyst III
Greg Whipple, Information Security Analyst III, is new to the Digital Forensics and Incident Response Team. In his role, Greg will perform forensic analysis of log data to further investigations into potential system compromises. Greg will also recommend ways to improve our processes and tools. Greg started his journey in information security with the US […]
InfoSec Alert: Critical Security Updates for Apple Devices (iOS, macOS)
Apple recently released a critical software update for all iOS (iPhones and iPads) and macOS devices designated iOS 15.6.1 and macOS 12.5.1. With the launch of these updates, Apple took the increasingly common step of alerting users that these updates patch vulnerabilities that criminals may actively exploit. Please update your iOS and macOS devices as […]
Keeping Information Security Simple – Why Do Cars Have Brakes?
Letter from the CISO, Vol 2 Issue 2 Washington University Community: Why Do Cars Have Brakes? Why do cars have brakes? The obvious answer is that it helps them slow down and stop. The “real” counter-intuitive reason is that brakes let cars go fast. Imagine the panic and fear of being in a car that […]
Keeping Information Security Simple – Who’s Responsible for Information Security?
Letter from the CISO, Vol 2 Issue 1 Washington University Community: Who’s responsible for Information Security at WashU? It seems like an odd question for me to ask since I’m the Chief Information Security Officer, but I ask it anyway. I know information security is my responsibility. Or, at least, it’s usually the person in […]
Top Ten Travel Tips for Better Information Security
Many in the WashU community will travel this summer, visiting friends and family, taking vacations, attending classes and summer programs, staking out new study abroad opportunities, conducting research, or meeting with colleagues. The long days of summer ahead provide time to rest, relax, and recharge while also renewing professional and academic pursuits through research, collaboration, […]
SECURED Special Bulletin: SMiSh Attack, Last Call for $250, Windows Vulnerability, and Improved Account Security
Website Scavenger Hunt Ends Soon (Win $250) Please take some time to visit our website scavenger hunt for a chance to win $250 in Bear Bucks if you haven’t already. This competition ends tomorrow at midnight, so get your entry in soon to learn about some key resources and secure your chance to win. Chance […]
Website Scavenger Hunt with $250 prize and New Protections in Office 365
The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]
InfoSec Allies: Office of Resource Management
The Office of Resource Management (ORM) plays an essential part in our day-to-day lives and operations at WashU. The office, home to more than 20 staff members, encompasses the departments of Purchasing Services, Furniture and Design, and Supplier Diversity and Mail Services. People from every department and role in the university community interact with the […]
Keeping Information Security Simple – The Only Constant in Life is Change
Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]
Security Spring Cleaning Top Five
Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also remember to clean […]
Another Chance to Win and New Defender Features Coming to Office 365
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’re introducing new security features in Office 365 and running another prize competition! March Prize Giveaway We had a great turnout for our February Information Security prize giveaway, so we’re doing it again this month! […]
Meet Your InfoSec Team: Quint Smith, Information Security Training and Communications Manager
For the past three years, Quint Smith, Information Security Training and Communications Manager, has been building and managing the InfoSec marketing, communications, and culture program. He aims to encourage an informed, aware, and empowered user community, resilient to the continually evolving cyber threat landscape. He says, “information security is an arms race, and technical defenses […]
IRB Security Review
In the IRB Security Review process, our team works with research coordinators to evaluate security risks involved in the research process.
10 Security Tips for Spring-Break Travelers
Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. Helpful capabilities—your digital […]
Security Tips for Working From Home
By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]
What are the Security Expectations of Your Research Sponsor?
Increasingly, research sponsors require grantees meet strict security requirements to protect the data and systems used in funded projects.
Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!
Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Guiding Information Security Questions for Researchers
There are many reasons to care about research security. Researchers depend on the availability and integrity of their research data to continue the vital work of innovation, discovery, and improvement. Research participants rely on researchers and their teams to protect their information and privacy at every stage of the research process. These responsibilities are core […]
Keeping Information Security Simple – Automagically update everything!
Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
Research Data Security
The first step in developing a security strategy for your research is to know how your data are classified. Data classification, the process of categorizing data according to risk level, empowers you to select the right tools and services to protect your research.
Information Security for Researchers
WashU faculty, staff, and students regularly generate data through research. Safeguarding these data is crucial to protecting the privacy of research participants, the intellectual property of WashU researchers, the security of WashU systems, and the public’s trust in WashU. The Office of Information Security works with researchers, offering tools, services, and guidance to protect research, […]
Last Chance for Prizes and Cybersecurity Awareness Month 2021 Recap
Cybersecurity Awareness Month 2021 is in the rearview mirror! This year, we set out on the Road to Cybersecurity together. We hosted several events, sent out weekly security tips, and published a great newsletter full of original content authored by WashU’s information security staff. Competitions Our Cybersecurity Awareness Month competitions are always popular. In 2020, […]
Meet Your InfoSec Team: Michael Mayer, Information Security Analyst
Michael Mayer is an Information Security Analyst II working in Governance, Risk, and Compliance. This part of our office is a critical component of our information security posture. Michael cooperates with researchers and other university offices in support of safe and ethical research. He works with the Institutional Review Board to evaluate security requirements for […]
WEBINAR: Careers in Cybersecurity and Student Prize Competition
Did you know that there are more than three million open positions in cybersecurity today? There is a huge demand for cybersecurity professionals today, and the Bureau of Labor Statistics predicts that this trend will continue for the next decade and beyond. This high demand means opportunity, competitive salaries, and job security. Effective cybersecurity requires […]
Keeping Information Security Simple – Physical Security Comes First
Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools […]
Meet Your InfoSec Team: Denise Woodward, Information Security Manager
Denise Woodward is an Information Security Manager in Governance, Risk, and Compliance for our Office of Information Security. She has 27 years of experience in IT, 22 of which are in information security. She got her start in information security working on the Help Desk of A.G. Edwards & Sons and has enjoyed solving problems […]
Cybersecurity Awareness Month
The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools to be safe online. All October long, we are promoting key behaviors to encourage every student, faculty, and staff member to take […]
InfoSec Alert: Critical Security Updates for Apple Devices
Apple recently released a critical software update for all Apple devices designated iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Apple issued these emergency updates in response to reports that “zero-click” spyware has been discovered on their devices. Users can update their own devices using the following steps (please note that download times may […]
Keeping Information Security Simple – Be Skeptical and a Little Paranoid
Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]
Keeping Information Security Simple – Multi-Factor Authentication
Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]
Workday Security
Washington University recently adopted Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive information such […]
Controlled Unclassified Information (CUI) in Sponsored Research
These pages provide a general overview of capabilities to appropriately safeguard controlled unclassified information (CUI) at Washington University in St. Louis. Overview The federal government requires minimum security requirements for certain federal information and systems that house or transmit sensitive information defined as Controlled Unclassified Information (CUI). These security standards are set forth by the National […]
Updated Device Security Guidance and Best Practices
Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device itself or […]
Security Guides for iOS/macOS Posted, WIN and Android Coming Soon
Most of us rely heavily on our computers and personal devices to do our jobs, shop for our households, navigate unfamiliar roads, communicate with others, and myriad other tasks. Today, we may take this continuous access to the Internet as a given, hopping on and off networks as we move through the world, allowing location […]
Keep Your Information Secure This Tax Season
Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]