Information Security FAQ

How do I report an information security incident?

If there is an emergency, or if you or someone you see is in danger, please call 911 right away. To report a suspected information security incident, please call the SSU IT Help Desk at (707)-664-HELP.

Alternatively, you can email the SSU IT Help Desk at helpdesk@sonoma.edu.

What are my responsibilities as a computer user?

Users are expected to use good judgment and reasonable care in order to protect and preserve the integrity of CSU equipment, its data and software, and its access. More details can be found in the CSU Responsible Use Policy.

How can I protect myself when using computers or the Internet?

  • The SSU IT Safe Computing tips discuss ways to stay safe online.
  • Here are some other general guidelines to follow:
    • Use a different password for every account. If you reuse the same password, an attacker who compromises one service you use, or an unscrupulous administrator of that service, can use that password to break into your other accounts.
    • Ensure your operating system and all installed software are still supported by the developer and that security updates are being released.
    • Apply updates to your operating system and all installed software regularly. Consider enabling automatic software updates.
    • Install and maintain anti-virus software. The SSU IT Malware: Viruses, Trojans, and Spyware page has instructions as well as some recommendations on anti-virus software.
    • Do not leave your computer, phone, tablet, or storage devices unattended in a public setting.
    • Use full disk encryption on devices containing sensitive information.
    • Configure screen locking features to protect your computer when you are not using it.

Where can I find the definitions of "Level 1 Data," "Level 2 Data," and "Level 3 Data?"

What is a Data Owner or Data Authority, and what are their responsibilities?

  • Each information asset containing Level 1 Data must have an identified Data Owner or Data Authority.
  • The Data Owner must classify the data and approve all users and uses of the data, storage locations for the data, and controls protecting the data.
  • Additional information about the Data Owner's responsibilities is provided in Section 7.1 of the SSU Information Security Management Program.

What security requirements apply to the use of cloud services and other third party services?

What are Electronic and Digital Signatures and when can they be used?

  • A Simple Electronic Signature (such as a check box on an authenticated web page or an email approving a request) may be used in lower risk situations where the university will not be heavily impacted should a signature be forged or should the university be unable to prove the validity of said signature.
  • A Digital Signature is a very specific form of Electronic Signature that uses cryptography to establish the authenticity and validity of the signature with much greater certainty. For transactions where there is a greater risk to the University, or where a “wet” signature is typically required, Digital Signatures must be used instead of a Simple Electronic Signature.
  • For a Digital Signature to be valid, it must be created by a technology accepted for use by the State of California and conform to technologies capable of creating Digital Signatures as set forth in California Government Code Section 16.5:
    1. It is unique to the person using it;
    2. It is capable of verification;
    3. It is under the sole control of the person using it;
    4. It is linked to data in such a manner that if the data are changed, the Digital Signature is invalidated;
    5. It conforms to Title 2, Division 7, Chapter 10, of the California Code of Regulations.
  • The requirements for implementing Electronic and Digital Signatures are defined in the CSU Electronic and Digital Signatures Standard.