Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
Answers
Answers Knowledge Base
Teams
, (opens new window)
Information Security
Results will update as you type.
  • Security 101
    • Reporting Phishing and Suspicious Email in Microsoft Outlook
    • Phishing and Suspicious Email
    • Got Phished! Now What?
    • File Sharing Restrictions on Copyrighted Material
    • Passwords
    • Protecting Your Digital Devices on Campus
    • Common Security Threats
    • Cybersecurity Check-in
  • Security Standards/Guidelines/Policies
    Calendars
You‘re viewing this with anonymous access, so some content might be blocked.
/
Security 101
Updated Sep 26

    Security 101

    About Security 101

    This section is intended to present basic security concepts and best practices that form the foundation for all security-related activities.  It is intended for all members of the University community, both technical and non-technical.  We explore common threats to our information, and what each user can do to better protect the information against unauthorized exposure.

    Safe Computing

    Additional tips from ITS, including information about antivirus, smart TVs, and safe computing tips for remote users, is available in the Safe Computing section. 

    On this Page

    • 1 Basic Security Principles
    • 2 Data Classification
    • 3 Additional Security Topics and Information

     

    Basic Security Principles

    1. All faculty, staff, and students are responsible for protecting the data they work with per the University's Data Classification Standards.

    2. Never share your password.

    3. Do not click on links you receive in emails, unless you are sure the link is safe.  Hover your mouse over the link to confirm the web address the link is taking you to.

    4. Create a unique password that is not similar to previous passwords.

    5. Do not use the same password for multiple accounts.  If the password is compromised, attackers will have access to all accounts associated with that password.

    6. Follow the University's Data Classification Policy.

    In addition to the security principles listed above, all employees are required to complete an annual Information Security Awareness Training.


    Data Classification

    Data at the University is divided into three categories: Public, Enterprise, and Confidential. 

    Public - Least Protection

    Enterprise - "Standard" Protection

    Confidential - Strictest Protection

    Public - Least Protection

    Enterprise - "Standard" Protection

    Confidential - Strictest Protection

    Includes information available to the public on:

    • News.syr.edu

    • Syracuse.edu

    • Other publicly accessible web properties

    Includes administrative data used for day-to-day operations, such as:

    • Financials - Budgets

    • SUID number

    • Internal communications

    • Contracts

    • Recruitment data

    Includes data protected by laws, agreements, and/or regulations, including:

    • SSN

    • Account Numbers (Bank/Payment)

    • Driver's license/State ID numbers

    • Education records

    • Health information

    • Biometric information

    • Passwords

    • Some research data

    Data at the University should be used or not used given the following services and file storage locations. 

    Service/Storage Location

    Enterprise - "Standard" Protection

    Confidential - Strictest Protection

    Service/Storage Location

    Enterprise - "Standard" Protection

    Confidential - Strictest Protection

    Email - SUmail*

    May be used

    Data must be password-protected/encrypted

    Email - Personal

    May not be used

    May not be used

    File Shares (G: and H: Drives)*

    May be used

    Data must be password-protected/encrypted

    Office 365*

    May be used

    Data must be password-protected/encrypted (HIPAA may not be used)

    Google Workspace*

    May be used for academic purposes only

    May not be used

    Non-University Cloud Systems (Personal OneDrive, Google Drive, Dropbox, Apple cloud, etc.)

    May not be used

    May not be used

    Blackboard*

    May be used

    May be used for FERPA

    Video Conferencing/Collaboration - Microsoft Teams*

    May be used

    Data must be password protected/encrypted (HIPAA may not be used)

    Video Conferencing/Collaboration - Zoom*

    May be used

    Data must be password protected/encrypted (HIPAA permitted only in HIPAA system)

    *-University System

    Please also be aware of the Syracuse University Data Classification Standards.

    Computing Security Breaches

    The Syracuse University Security Incident Response Team (SIRT) works with the campus community to provide a safe computing environment for all campus users, including investigation for any suspected or reported security breaches. Users can report computer security incidents or security concerns about the SU network, suspicious e-mail or file attachments, personal data integrity, or violations of the SU Information Technology Policies by calling Information Technology Services at 315.443.2677 or by emailing infosec@syr.edu.

     

    Additional Security Topics and Information

    • Reporting Phishing and Suspicious Email in Microsoft Outlook
    • Phishing and Suspicious Email
    • Got Phished! Now What?
    • File Sharing Restrictions on Copyrighted Material
    • Passwords
    • Protecting Your Digital Devices on Campus
    • Common Security Threats
    • Cybersecurity Check-in

    , multiple selections available,
    {"serverDuration": 9, "requestCorrelationId": "e219c5c438ca4514b37c991c1d44d027"}