Your Safety and Information Security
Your safety is a priority at the University of Alaska Southeast.
The safeguarding of sensitive student and employee information - known as Information Security(IS) within the field of Information Technology - is an integral component of the overall strategy implemented by the UAS campuses, in addition to the physical safety of students, visitors, and employees.
The UAS Information Technology Services department identifies, recommends, and implements IS policies - in accordance with University of Alaska systemwide Information Assurance(IA) directives - and deploys technology according to best practices.
Safeguarding Sensitive Information: A Shared Responsibility
As UAS faculty, employees, and students, we share the responsibility of safeguarding sensitive information.
If you have not already subscribed to receive text message announcements, you may do so here.
The prevalence of identity theft, viruses, and attacks against networks - which continues to rise - has made it a necessity for organizations, employees, patrons, and individuals to take proactive measures against these cyber crimes. Remember, the first line of defense is informed practice.
Let's take a look at some information security recommendations that everyone can practice.
Personally Identifiable Information: What is it?
Personally identifiable information (PII) refers to personal data that an individual provides to an organization for some business purpose. Data is considered PII if it is specifically associated with an individual, if it was disclosed by the individual to the organization and persistently stored for future use, and if the individual who submitted the data has an interest, either directly expressed or by legal right, in limiting the propagation of the data within the organization or to other organizations or individuals.
Safeguarding Personally Identifiable Information (PII)
- Ask how information will be used before giving it out.
- Avoid common names/dates for passwords and PINs.
- Pick up mail promptly.
- Pay attention to credit card and bank statements.
- Shred personal documents that contain personally identifying information.
- Order credit report annually.
- Refrain from carrying SSN card and passport.
Password Security Tips
When creating a password:
- Combine letters, numbers, and special characters.
- Do not use personal information.
- Do not use common phrases or words.
- Do not write down your password, memorize it.
- Change password according to organizational policy.
Never share your password! UAS IT services will never ask for your password.
E-mail Security Tips
As a general rule use the following tips when accessing e-mail:
- Do not access the web by selecting links in e-mail or pop-up messages.
- View all e-mail in plain text.
- Delete unsolicited/suspect e-mail - err on the side of caution.
- Use antivirus software to scan e-mail attachments - even if you think the file is clean.
- Type the web address or use bookmark.
- Contact the organization by phone.
To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
Social Engineering Security Tips
- Do not participate in unapproved telephone or online surveys.
- Do not give out personal information.
- Do not give out computer or network information.
- Do not follow instructions from unverified personnel.
- Document interaction: 1) Verify the identity of all individuals, 2) Write down phone number, 3) Take detailed notes.
- Contact your security point of contact or help desk.
What is Phishing?
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
How to Recognize Phishing
- Tend to use e-mail or pop-ups
- Appear to be from legitimate sources: Government, Internet Service Providers (ISP's), Your bank, etc.
- Claims you must update or validate information.
- Directs you to a website that looks real.
*Note: Legitimate companies/organizations do not ask for personal information.
For additional information, please see the following links:
National Institute of Standards and Technology (NIST) Computer Security Resource Center
Online DoD Anti-Phishing and Information Systems Security Awareness (ISSA) Training for non-DoD personnel. Provided by the Information Assurance Support Environment.
UAS Guidelines for Copyright
The University has a profound respect for copyright and intellectual property. This respect is reflected in the Board of Regents policy and regulation (R02.07). In addition, the university has specific legal obligations under the Digital Millennium Copyright Act (DMCA) to protect copyright holders and to respond quickly to complaints of copyright violation. This obligation to protect copyright must be implemented with due regard for privacy rights of technology users that have been created by Regents Policy.
Under United States copyright law, UAS is required to remove or disable access to materials. Whenever someone downloads or shares music (including but not limited to peer-to-peer sharing), movies, or other video files for free for which he/she does not have copyright holder’s permission to download, infringement of the artist's copyright occurs. Unless an artist has specifically stated on their website, CD, etc. that the public may download, copy, and otherwise share music, movie, or other video files, you may assume that these works are protected under U.S. Copyright Law.
Verified abuses may lead to immediate suspension of access to University networks and/or computing resources, subject violators to possible University disciplinary action, and expose them to fines, other civil penalties, and criminal prosecution by copyright owners. Information on federal criminal penalties is available at Copyright.gov.
- For information on legal ways of obtaining and using copyright content, visit Michael Ciri’s presentation (272Kb).
- Board of Regent Policy 02.07. Information Resources
- UAS Acceptable Use Policy
- UAS Process for Blocking Network Access
Acceptable Use of Online Resources
University computing resources (including networks, applications and end user devices such as computers and conferencing devices) are made available to the university community and affiliated individuals to facilitate the mission of the university: instruction, research and public service. Regents’ Policy provides that the essential purpose of the University of Alaska is to engage in the pursuit of truth, the advancement of learning and the dissemination of knowledge. To manage computing resources to accomplish these ends, users and administrators must distinguish among limited-public forums, wherein content is restricted to certain topics ( e.g., university business), private communication, and public forums. All use of computing resources must comply with applicable law, Regents’ Policy and University Regulation, and must not disrupt the functioning of the University. As a result, some uses which are prohibited or restricted include the following:
- Obtaining or distributing copyrighted materials without authorization, e.g. illegal downloading of music, movies and/or software.
- Activities which disrupt the workplace, e.g. sending, replying to, or forwarding unsolicited bulk e-mail (spam, chain mail, etc), or unauthorized use which consumes large amounts of computing or network resources.
- Use of list serves or mailing lists created for university business in a manner inconsistent with or disruptive of University business.
- Threatening or harassing communications.
- Accessing or attempting to access or alter electronic resources without authorization.
- Commercial use or use for personal financial gain, e.g., using University email as a contact for a business.
- Partisan political activity, e.g., sending email supporting a political party or group.
For additional information on appropriate use and user rights, please refer to Regents' Policy and University Regulation:
- Chapter 02.07 on Information Resources
- Chapter 04.10.030 on Conflicts of Interest
Also, the Student Code of Conduct can be found in Regents Policy 09.02.02. University employees may also want to refer to the Alaska Executive Branch Ethics Act (in .pdf format) from UA Ethics Forms page.
Although copyright and acceptable use questions are many, this presentation titled Here's How You Can: Copyright & the Internet is a good place to start when identifying and using online resources.
What are text messages?
You can sign up up to receive alerts from UAS. These alerts are sent to a cell phone that you specify through text messages (aka Short Message Service or SMS). These are short messages with a variety of information from UAS.
- Safety & Closure Alerts by Campus
- Campus Announcements
- Class Grades
- Class Announcements
- Class Assignments
How do I sign up?
You can start text messaging and select which messages you receive through Messaging Options in your UAS Online profile.
- Provide your cell number, choose your provider, and click Send Code
- Some text will be sent to your cell, type this into the Registration Code field
- Select What types of messages you want to receive and click OK
Where is my provider?
If your cell phone provider is not listed, please contact the Helpdesk.
The Helpdesk will need to know who your provider is, and what your SMS address is (available from your cellular service provider).