Services

Campus Security Services

LOST CAMPUS EQUIPMENT

Contact the University Police (310-243-3696) to inquire about lost property.

For lost university assets, please send an email to ISO@csudh.edu, please include details about the asset loss, including the date of loss, the type of data lost, and potential security breach. 

Please Note: The device's access to our network and the stored data is more valuable than the device itself. Having a strong password on your device, may lower the risk of a security breach.

MULTI-FACTOR AUTHENTICATION (MFA)

In an effort to increase the security on campus the Information Security Office is implementing Multi-Factor Authentication (MFA) for employees, who have access to level 1 data.

What is MFA?

Instead of requiring just one piece of secret information, like a password, Multi-Factor Authentication (MFA) requires a few pieces of secret information to authenticate. Most implementations follow the rule: something you know & something you have & something you are. This usually takes the form of a password, biometrics, plus a one-time code. These one-time codes can be sent via SMS to a trusted phone associated with the account that is being logged into, a token, or generated by an app. When a user successfully authenticates they are proving that they know the password and they have access to the trusted device. Attackers may know the password but without the one-time code they are unable to login to the account.

Reporting Security Breaches

It's important to promptly report all suspicious events, security breaches, and potential security breaches.

WHAT should you report?

Unauthorized use, access, or disclosure of information lost or stolen documents, files, disks, or hardware erratic computer activity that may signal hacking or other intrusion into the organization's network

To WHOM should you report?

Your supervisor, IT Department, or Information Security Office.

WHEN should you report?

Immediately or as soon as the loss is discovered. 

Higher Education Community Vendor Assessment Toolkit (HECVAT)

Campus IT environments are rapidly changing and the speed of cloud service adoption is increasing. As campuses deploy or identify cloud services, they must ensure the cloud services are appropriately assessed for managing the risks to the confidentiality, integrity and availability of sensitive institutional information and the PII of constituents. Both cloud providers and cloud consumers are wasting precious time creating, responding, and reviewing such assessments.

The Higher Education Community Vendor Assessment Toolkit (HECVAT) attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. The matrix:

  • Helps higher education institutions ensure that cloud services are appropriately assessed for security and privacy needs, including some that are unique to higher education
  • Allows a consistent, easily-adopted methodology for campuses wishing to reduce costs through cloud services without increasing risks
  • Reduces the burden that cloud service providers face in responding to requests for security assessments from higher education institutions

The Information Security office requires all qualifying software and hardware purchases by university to go through security screening using HECVAT process. Before purchasing, ask the vendor to fill out the HECVAT form and send it to ISO@cudh.edu