FAQ'S

What is information security?
Who do I contact for information security questions?
What is encryption?
What is a password safe?
What is a dropbox-type service and is it safe to use?
How do I protect myself from identity theft?
Does Cal Poly filter email messages containing a virus?
What if I get an email asking for personal information?
What can I do if my computer gets a virus?
What is spyware and how do I get rid of it?
How do I dispose of confidential data on my hard drive?
How do I dispose of hard copies containing confidential information?
How long are we required to keep copies of documents and how do I know when to dispose of them?
What is copyright infringement and file sharing?
What are the P2P File-sharing and Copyright Violations?
What if I have a computer question or need technical assistance?

...........................................................................................................................................................................................................................................................................

1. What is Information Security?

Information Security is protecting the confidentiality, integrity and availability of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

2. Who do I contact for information security questions?

The contact us page provides the contact information for the Office of Information Security and the ITS Service Desk.

3. What is encryption?

The process of transforming information (called plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those processing the special knowledge, usually referred to as the key (wikipedia). Want to know how to use it? Go to Cal Poly Policies, Standards and Practices- Encryption.

4. What is a password safe?

A password safe or password vault is a password database utility. Users can keep their passwords securely encrypted on their computers. A single Safe Combination unlocks them all. LastPass is an example of password management software that have been used on campus. Talk to your LAN coordinator prior to installation and use of password vault software.

5. What is a dropbox-type service and is it safe to use?

Dropbox –type software provides Web access to your online file storage, file sharing, and file synchronization. There are several applications and companies who provide this service for little or no cost. The responsibility for storing Cal Poly documents and files resides with the person who stores the data. Judgment is required about how and where Cal Poly data will be stored. Please refer to the Cal Poly Information Classification and Handling Standard to identify the risks to Cal Poly for each classification of data, and specific information about how to handle specific types of documents. Different data has different regulations, laws, agreements and rules, requiring protection of that data and reporting when that data is released to unauthorized individuals. To read more about dropbox-type services, view our dropbox guidance page.

6. How do I protect myself from identity theft?

Identity theft is a serious crime. People whose identities have been stolen can spend months or years and thousands of dollars cleaning up the mess the thieves have made of a good name and credit record. In the meantime, victims of identity theft may lose job opportunities, be refused loans for education, housing, or cars, and even get arrested for crimes they didn't commit. The Federal Trade Commission (FTC) has produced a "Facts for Consumers" booklet to help you remedy the effects of an identity theft. It describes what steps to take, your legal rights, how to handle specific problems you may encounter on the way to clearing your name, and what to watch for in the future. Additional resources can be found on our News and Resources page.

7. Does Cal Poly filter email messages containing a virus?

In response to input from campus constituent groups asking for increased security of network and computing services, Information Technology Services (ITS) operates a campus email antivirus gateway as part of an overall information security solution. Cal Poly's email anti virus gateway is an appliance designed to send and receive email at a very high rate of speed. The email gateway acts as the campus entry point for all @calpoly.edu email addresses. Internet email is directed to the email gateway. Emails are then scanned for viruses and SPAM and sent to the mail server on campus for delivery. Visit our email antivirus gateway page for more information.

8. What if I get an email asking for personal information?

Cal Poly or any reputable business will never solicit personally identifying information thorough email or over the phone, so do not give it out. A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account (SANS.org). Embedded links may also include viruses and malware that are automatically installed on your computer. Cal Poly makes every effort to prevent viruses and other malicious content from reaching your campus email account, but even emails which appear to be from a trustworthy source may be forged. Exercise caution, and when in doubt do not follow links or open attachments from a suspicious message or someone you know unless you are expecting it. View our Safe Computing Presentation (PDF) which contains information about phishing email messages. Also, test your knowledge and take the phishing challenge by VeriSign.

9.What can I do if my computer gets a virus?

Report it to the ITS service desk. Additional information can be found in the antivirus section of our website.

10. What is spyware and how do I get rid of it?

Spyware is software installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer may include sluggish performance when opening programs or saving files, toolbars or icons on your computer desktop that you didn't place there, random error messages, and in some cases, there may be no symptoms at all. Visit our Viruses and spyware section. Additional information and facts about spyware can be found at OnguardOnline or in the virus and spyware section of our website.

11. How do I dispose of confidential data on my hard drive?

Disk wiping, degaussing, and physical destruction are all methods to remove confidential information from a hard drive. Please follow the Cal Poly Disposition of Protected Data Standard (PDF) for guidance to ensure proper disposal of data.

12. How do I dispose of hard copies containing confidential information?

The risk of sensitive information falling into the wrong hands is a continuous threat to the confidentiality, and integrity of Cal Poly information assets. Cal Poly employees are responsible for properly handling confidential data as described in the Information Classification and Handling Standard. Visit the Facility Services’ Website or contact the recycling division at 756-5226 or 458-2602 to request a confidential shred pick up.

13. How long are we required to keep copies of documents and how do I know when to dispose of them?

Cal Poly follows the CSU Executive Order No. 1031 – System-wide Records/Information Retention and Disposition Schedules Implementation to ensure compliance with legal and regulatory requirements while implementing appropriate operational best practices. To learn about the retention period for records and documents (electronic and hardcopy) in your department , view Cal Poly's Record Retention and Disposition Schedules.

14. What is copyright infringement and file sharing?

Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright holder's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works. Copyrighted material that is illegally distributed over the Internet can take many forms. However, most DMCA notices received by Cal Poly involve music, movies or television shows, and software, including video games, being used without permission. Other types of materials include written works, audio- and e-books, photographs and images, including Websites or other Web-based content. Visit Cal Poly's Copyright Infringement and File Sharing FAQs.

15. What are the penalties for using P2P file-sharing to infringe copyrights?

f you are found to be using P2P software to illegally share copyrighted material, you face disciplinary action by the university. In addition to notifying Cal Poly, copyright owners can file civil suits to recover damages and costs. In many cases, statutory damages of up to $30,000, or up to $150,000 for willful infringement, may be awarded even if there is no proof of actual damages. Finally, in certain cases of willful infringement, the government can file criminal charges, which can result in substantial fines and imprisonment. For more information, please see the U.S. Copyright Office Web site, especially their FAQs.

16. What if I have a computer question or need technical assistance?

For technical or non-policy questions contact:

ITS Service Desk
Monday - Friday, 8 a.m. - 5 p.m.
Request Support
805-756-7000
tech.calpoly.edu

Information Security

Quick References

US CERT Current Activity