The mission of the Office of Information Security (OIS) is to support and protect the academic and research missions of CWRU by collaborating with and serving the community to safeguard information assets. To do this, we lead an enterprise security program dedicated to ensuring the continuous confidentiality, integrity, and availability of university data.
Everything you need to know about DUO Security's Two-Factor Authentication.
Report any incidents of phishing attacks, unauthorized access, and data breaches.
Strengthening the cyber security of CWRU is everyone's concern, and requires better knowledge and awareness to make it happen.
Box is a storage service that enables Case Western Reserve University to store, access and share files securely.
Learn about Information security policies, standards, guidelines, roles, regulations and more.
Information Security, often referred to as InfoSec, is the practice of protecting both digital and physical information from unauthorized access, use, disclosure, disruption, modification, or destruction. Essentially, it is the comprehensive set of rules, strategies, and tools an organization uses to keep its sensitive data safe.
The foundation of information security is built on three core principles, universally known as the CIA Triad:
- Confidentiality: Ensuring that sensitive information is only accessible to authorized individuals. Think of this as locking your digital doors and filing cabinets so that private details stay private.
- Integrity: Protecting data from being altered, tampered with, or corrupted. This guarantees that the information you rely on is accurate, trustworthy, and has not been changed behind the scenes by unauthorized users.
- Availability: Ensuring that systems and networks are running properly so that authorized users can reliably access the information they need, exactly when they need it.
By balancing these three pillars, information security teams ensure that an organization's data remains safe without stopping people from doing their daily work.
- Governance and Compliance: Entails developing the security policies, standards, guidelines, and procedures that are essential for ensuring regulatory compliance and maintaining data security.
- Risk Management: Conducting risk assessments, offering risk mitigation guidance, performing technology procurement reviews, and managing risk acceptance documentation.
- Security Operations: Supporting enterprise security tools and technologies such as multi-factor authentication, antivirus software, email security, vulnerability scanning platforms, and more.
- Incident Response and Forensics: Handling cyber incident response, logging and monitoring, digital forensics, and investigations.
- Education and Awareness: Offering training events, promoting Cybersecurity Awareness Month, and providing on-demand training.
- General Cybersecurity Information or Guidance: help@case.edu
- Specialized questions for the Information Security Team: askinfosec@case.edu
- Report cybersecurity issues or threats: abuse@case.edu