From phishing attempts, malware, cyberattacks, and other malicious online schemes, your IRT Information Security team monitors, educates, and works to protect the Sacramento State community 24/7, as well as to ensure that our network, data, and information systems are secure and compliant.

Information security is a team effort, including every member of our campus community. We've highlighted ongoing education efforts, the infrastructure protecting campus information, and what you can do at your own workstations to ensure we're all doing our part.

Security Training & Awareness

Phishing Awareness & Campus Education

Knowing how to identify and report phishing attempts is one of the most important ways we help protect information security. Campus utilizes the Cofense PhishMe Program to help educate faculty, staff, and students on how to spot, report, and protect themselves from cyberattacks.

Phishing Resources & How to Report

Data Security & FERPA Training

The CSU facilitates Data Security and FERPA Training to educate about the importance of keeping private data secure, and provides steps employees can take to maintain the security and confidentiality of private information. Training also covers the Family Educational Rights and Privacy Act (FERPA), which guarantees both the confidentiality of students’ education records and students’ right to access their own records.

Training on CSU Learn

Security Consultation & Reviews

ICT Review of Technology Purchases

Is your department interested in buying software or a technology device? Depending on the item and associated costs, an Information & Communication Technology (ICT) Procurement Request Form is required as part of the procurement process. The ICT provides a basic-to-comprehensive security review of a proposed technology purchase to ensure it meets:

• Compliance with federal and state requirements, CSU policies and standards and campus policies and standards
• Compatibility with campus systems and campus device standards
• Information security requirements (how the tool accesses sensitive Level 1 or Level 2 University data as part of implementation)

Technology Procurement Process

Risk Assessment & Remediation

We can partner with your college or department to adopt best practices, mitigate risk, and comply with CSU information security requirements, including:

• Assess risk and identify people, processes, and technologies needed to improve security based on your needs
• Assess and guide remediation of security compliance gaps
• Review and determine data level classifications in your area

Security Detection Tools

Network Firewall

Our firewall protects the campus network against unauthorized/malicious access, such as from malware-infested websites. Let us know if you have questions about the firewall or need to allow access to a specific server or service.

Request a Firewall Exception

Proxy Server

A proxy server is a system that is an intermediary between your device and a connecting server. It helps us to detect and identify malicious online traffic traveling through our campus network.

Request URL Allowlist to Access a Specific Website

Vulnerability Scanning

To ensure the security of our local and web applications or services, our team performs scans for potential breach points (e.g., SQL injection, cross-site scripting, etc.) using our web application scanner and system vulnerability reports.

Request a Web App Scan

Request a System Vulnerability Report

Log Analytics

As part of our day-to-day operations, we assess information from logged events captured from computer, network, and operating system activity with our University IT ecosystem.

Request Security Consultation

Identity Finder & Sensitive Data Inventory Survey

In addition to University security infrastructure and tools, we also empower employees to actively participate in information security compliance activities.

Identity Finder/Spirion

University policies require the proper handling and storing of sensitive data used in the course of University business. To make it easier to check your files directly, every University-managed workstation/device includes Identity Finder (also known as Spirion), a scanning software you manually run to determine whether any sensitive data is saved locally in/on the following locations:

• Documents folder
• Downloads
• Desktop
• Hard drive

Identity Finder does not scan your email - it focuses on locating large lists or records that may include sensitive data. We recommend you run this tool monthly to ensure your workstation/device is clear of any potential sensitive data that requires more secure storage.

How to Use Identity Finder

Sensitive Data Inventory Survey

On a biennial basis, select administrators and/or staff from each campus department completes the Sensitive Data Inventory Survey to help document how their area manages and stores records containing sensitive Level 1 and Level 2 data elements. The results provide an important baseline for managing sensitive data campus-wide to ensure security compliance.

Get Support

Need a security consultation, help using a tool, advice on ensuring information security in your area?

Contact the IRT Service Desk Team