Tech Guides :: Information Security
Humboldt State University's Information Security Office works with the campus community to secure system and network resources and to protect the confidentiality of student, faculty, and staff information. We welcome suggestions for ways in which HSU's electronic and information security can be improved. You can contact the campus Information Security Office at iso@humboldt.edu.
Security Information for IT Support Staff
There are many security related issues that IT Support Staff should be aware of. We have summarized some important details that should not be overlooked. See Security Information for IT Support Staff.
Data Classification Standards
The CSU has developed a list of classification standards based on Level 1 (Confidential ), Level 2 (Internal Use), and Level 3 (Public). For more information, see the CSU Data Classification Standard.
Virtual Private Network (VPN)
As part of the border firewall closure project, HSU has deployed a Virtual Private Network (VPN) server, which will allow staff and faculty who are already using Remote Desktop or VNC to connect to their office computers to make that connection via an easy and secure web interface. For more information, see www.humboldt.edu/~security/vpn.
HSU Border Firewall Closure
The HSU border firewall was closed on October 1st, 2009. The "closed border" firewall configuration will greatly enhance the security of campus computers and data. See the Campus Border Firewall page for more information.
Password Expiration Information
The requirement to change your HSU password regularly is part of a larger effort at HSU to make campus computing systems more secure and to comply with Federal, State, and CSU polices and standards. Users having access to the Peoplesoft HR and Finance systems are the first to be affected by these new requirements. For more information, see the Password Expiration web page.
Protecting Your Personal Information
Rule #1 - Never send your password via email! The HSU Help Desk will not ask you for it. You may receive fake but official-looking requests to send your password or other personal information. Do not respond to such "phishing" attempts! For more information, see phishing information from Educause.
Securing Confidential Information and Protecting the Campus and Yourself - Recommendations and background information on the mechanisms that HSU uses to protect your information from unauthorized use.
Usage Guidelines :: Responsibility :: Policy
Your Responsibility - Information on user responsibilities and misuse of computing and information resource privileges.
HSU Policies and Guidelines - Familiarize yourself with the policies and guidelines that govern your use of computers at Humboldt State University... CENIC, HSU Appropriate Use Policies, HSU Web Policy.
Federal and State Laws and Policies - Familiarize yourself with federal and state laws and policies that govern your access to and use of personally identifiable and other confidential information collected by Humboldt State University.
Information Security Program - Description of HSU's information security program, approved June 12, 2003. That program document pertains to the formal requirements of the federal Graham-Leach-Bliley Act.
Disaster Recovery - Recommendations for protecting vital data for disaster recovery purposes.
- Reporting Security Violations:
- HSU Police Department - Threats to personal safety: 911 or 5555 from campus phones.
- spam@humboldt.edu - Spam mail.
- security@humboldt.edu - Account violations, security concerns.
- webmaster@humboldt.edu - Web page violations.
User Confidentiality Statement Form
All University employees, including student employees, as well as contractors and consultants, are required to have a signed Confidentiality Statement Form on file with the office of Human Resources & Risk Management as a precondition for applying for an account to campus and CSU computing servers that host personally identifiable or other confidential information. There are two forms, one for members of the faculty and a second for non-faculty employees. Please click on the appropriate link below for instructions on completing the form:
Faculty Confidentiality Statement Form - This form is for use by all faculty, including tenure track, probationary, lecturers, counselors, coaches, emeriti, retired, and graduate teaching associates.
Academic Professionals (Unit 4) Statement Form - This form is for use by all employees in bargaining unit 4.
General (Non-faculty) Confidentiality Statement Form - This form is for use by all other University employees, contractors, and consultants.
Once your form is on file, you may apply for an account to the data custodian to access the information you need in order to perform your job responsibilities. The data custodians are defined in University Management Letter 09-2003 [03-03], HSU Student Records Access Policy.
Campus IT Procedures, Guidelines, and Practices
The Information Technology Council advises the CIO, ISO, and ITS Staff on relevent technology isses. IT Council procedures have been developed to form concensus and provide information and processes for the application of IT related policies, strategies, and best practices. For more information about the IT Council and the documents it has developed see the IT Council Moodle site (login required).
Secure Authentication (HSU User Name and Password)
HSU has an overarching identity management system for access to electronic services offered by the campus. What this means is that when a student, staff, or faculty member officially enters the university population they are given a standard HSU User Name and accounts are automatically created on systems based on their university role.
Read More >>
Password Protection - Defend yourself against unauthorized access to your accounts.
Secure Server Communication
Information Technology Services has implemented a number of technical measures to improve information security on campus. Some of the recent improvements include removing insecure access to the email and web servers on campus. This is done by allowing only secure connection software to the servers.
Read More >>
WebMail - As a service to students, faculty and staff, HSU offers WebMail, which provides secure access to your HSU email account. WebMail is accessible from any computer, on or off-campus, that has a Web browser and access to the Internet.
There are a number of off-campus web-mail services that allow people to check their HSU email accounts from any computer with access to the Internet. These sites may not choose to secure your account information. Unauthorized individuals may be able to access account and password information to log in to a person's account without permission, to spam, to initiate denial of service attacks, or to attack networks.
Viruses :: Spamming :: Urban Legends
Spam Mail - Information on spam mail, myths, hoaxes and urban legends.
Virus Information - Information on viruses.
Virus Protection - Virus screening for email.
Check and confirm information at the following sites:
F-Secure.com -
Information about virus myths and hoaxes.
Computer Incident Advisory Capability - U.S.
Department of Energy.
SANS
Internet Storm Center - Cooperative Internet security technology bulletins from the SANS Institute.
Legends - Urban legends confirmed or debunked at About.com.
Still not sure if it's true or not... send it to security@humboldt.edu and we will check it out for you.
