Computer Security for Student Affairs Data Coordinators
The following information is provided to help the Data Coordinators understand the computer security requirements of San Diego State University and the Division of Student Affairs. Use this information to review your department's computer security and implement any needed changes.
Each department is responsible for implementing procedures to protect their electronic data and computer hardware from theft, loss, or corruption.
Software vendors frequently releases patches for vulnerabilities that are discovered in their software. Some of the most critical vulnerabilities can enable an unauthorized user to take control of the system. It is critical that every computer in Student Affairs has all current patches installed!
- The latest version of anti-malware software can be downloaded from EDORAS.
- Malware protection (DAT) files should be updated daily.
- Avoid opening files attached to email unless you know their source or requested the file.
- Don't run files directly from the Internet (it's safer to save them to disk first and then run them).
- You can check the validity of a malware at the McAfee site.
To keep current on the latest security issues and vulnerabilities subscribe to the lists below:
- Microsoft Security Bulletins: For the latest information from Microsoft.
- SANS@RISK: This site summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them.
- CERT Vulnerability Notes Database: Provides information about software vulnerabilities..
For Microsoft operating systems the Baseline Security Advisor can perform local or remote scans of Windows systems. It will scan for common system misconfigurations and weaknesses.
Server log files should be reviewed daily in order to discover suspicious activities and other system problems as soon as they occur.
If you believe that a system has been compromised, you should:
- Immediately unplug the network cable in order to remove the system from the network.
- Notify the department director immediately.
- Contact Technology Services team immediately.
- Use our Student Affairs IT Work Requests system to submit your request to have your PC checked.
If you believe your email account has been compromised:
If you believe your email you have been targetted for Phishing attacks, follow these instructions to report it to ETS Helpdesk.
- Make sure that every user account has a strong password.
- Warn your users about how to avoid Social Engineering.
- IT Security Office (ITSO) - Security Resources
- Internet Information Services Lockdown Wizard
- Microsoft - Security TechCenter
- Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11
- Windows 10 Security Overview