OIT Security
This web site contains information primarily for U of M Information Technology staff. For students, faculty, and other staff see Safe Computing and 1-HELP.
Mission & Charter
Recent Phishing Attacks at the University
University of Minnesota e-mail account holders have been targeted with waves of fraudulent e-mails. These messages are not from the University of Minnesota. We will NEVER ask you to provide personal information such as passwords over e-mail. If you receive an unsolicited e-mail or you are unsure of the sender, do not reply, do not click any links contained within it, and do not open any attached files. Read more.
Spear phishing attacks at the University
Spear phishing attacks can take many different forms, but the one thing they have in common is that they ask for sensitive information such as passwords, birth dates, social security numbers, etc. The most important thing to know is that you should never share personal information over e-mail. Read more.
Downloading or sharing copyrighted materials
Carol Carrier and Steve Cawley sent a letter that pointed out that illegal downloading or sharing of copyrighted materials on University equipment is unacceptable and may be subject to disciplinary actions. Read more.
Managing Electronic Private Data
September 11, 2006 - OIT sent correspondence to all students, faculty and staff in response to incidents that have occured at the University - and elsewhere around the world. Read Managing Legally Protected Electronic Private Information
Notice of Breaches in Security
The Minnesota legislature amended the Minnesota Government Data Practices Act to provide for disclosure to individuals if there is a breach of security (unauthorized acquisition of private or confidential data).
See: Minnesota Government Data Practices Act, disclosure of breach in security.
Steve Cawley sent a letter to Deans and Department Heads informing them of the amendment to the Minnesota Data Practices Act requiring notification of individuals if there is a breach of security of private or confidential data on individuals.
For Departments Accepting Credit Cards...
Payment Card Industry (PCI) security requirements for merchants (departments that accept credit cards) must be followed. The University Controller's Office & OIT are working with departments to assure compliance. Read more.
CRITICAL SERVER IDENTIFICATION
OIT Security needs your help in updating the university's list of critical servers. A "critical" server is important to accomplishing the University/collegiate unit/business unit mission or which stores legally protected or other important non-public data. For more information on identifying and reporting critical servers, see http://www.umn.edu/oit/security/criticalserv.html
Security Meeting
If you are a technical support person, join our monthly computer security meeting held in conjunction with the NetPeople meeting. Mark your calendar for the 2nd Thursday of the month. To subscribe to the comp-sec mailing/discussion list: send an e-mail to listserv@umn.edu with "SUBSCRIBE comp-sec " as the first line of your message
See Security Presentations .
See More Security Highlights
Whether you need policy guidance, access to Enterprise data, or you want to know more about protecting data and systems within your college or department, OIT Assurance & Security and OIT Data Security can help. |
Report law/policy violations confidentially