Skip to main content

Office of Information Security

The mission of the Office of Information Security (OIS) is to support and protect the academic and research missions of CWRU by collaborating with and serving the community to safeguard information assets. To do this, we lead an enterprise security program dedicated to ensuring the continuous confidentiality, integrity, and availability of university data.

CWRU signage at Euclid Ave. and Adelbert Rd.
FAQs

Find answers to your Information Security questions. 

duo logo
DUO Security

Everything you need to know about DUO Security's Two-Factor Authentication.

Help Desk call center
Report an Incident

Report any incidents of phishing attacks, unauthorized access, and data breaches.

Person teaching
Awareness and Education

Strengthening the cyber security of CWRU is everyone's concern, and requires better knowledge and awareness to make it happen. 

Box Logo
Box Secure Storage

Box is a storage service that enables Case Western Reserve University to store, access and share files securely.

Law picture
Governance

Learn about Information security policies, standards, guidelines, roles, regulations and more.

Information Security, often referred to as InfoSec, is the practice of protecting both digital and physical information from unauthorized access, use, disclosure, disruption, modification, or destruction. Essentially, it is the comprehensive set of rules, strategies, and tools an organization uses to keep its sensitive data safe.

The foundation of information security is built on three core principles, universally known as the CIA Triad:

  • Confidentiality: Ensuring that sensitive information is only accessible to authorized individuals. Think of this as locking your digital doors and filing cabinets so that private details stay private.
  • Integrity: Protecting data from being altered, tampered with, or corrupted. This guarantees that the information you rely on is accurate, trustworthy, and has not been changed behind the scenes by unauthorized users.
  • Availability: Ensuring that systems and networks are running properly so that authorized users can reliably access the information they need, exactly when they need it.

By balancing these three pillars, information security teams ensure that an organization's data remains safe without stopping people from doing their daily work.

  • Governance and Compliance: Entails developing the security policies, standards, guidelines, and procedures that are essential for ensuring regulatory compliance and maintaining data security.
  • Risk Management: Conducting risk assessments, offering risk mitigation guidance, performing technology procurement reviews, and managing risk acceptance documentation.
  • Security Operations: Supporting enterprise security tools and technologies such as multi-factor authentication, antivirus software, email security, vulnerability scanning platforms, and more.
  • Incident Response and Forensics: Handling cyber incident response, logging and monitoring, digital forensics, and investigations.
  • Education and Awareness: Offering training events, promoting Cybersecurity Awareness Month, and providing on-demand training.

 

Report Phising

  • Select the “Abnormal Report Phish” button located in your email client's ‘add-on side bar.’ On mobile devices, this bar will appear at the bottom of each email. If you cannot find the "Abnormal Report Phish" button, you can also forward suspicious emails to phishing@case.edu for the same automated review and feedback.
Abnormal Phishing Button

Update

New way to report phishing!

As part of ongoing efforts to keep the Case Western Reserve University digital campus secure from cyber threats, we are rolling out a new and improved way to report suspicious emails using the “Abnormal Report Phish” button. This tool, which streamlines how potential threats are analyzed and handled, should be the primary way users report suspicious emails.

Additional benefits of the “Abnormal Report Phish” button include:

  • Instant automation, which automatically triggers an immediate security review of the email; and
  • Rapid feedback, which provides an automated follow-up email within a few minutes sharing the results of the analysis.

How to use the “Abnormal Report Phish” button

If you spot a suspicious email in your inbox, select the “Abnormal Report Phish” button located in your email client's ‘add-on side bar.’ On mobile devices, this bar will appear at the bottom of each email.

Abnormal Phishing Button

Users are encouraged to no longer use the old “Report Phish” option found in the three-dot drop-down menu on webmail accounts. That legacy reporting method is being phased out. If you cannot find the "Abnormal Report Phish" button, you can also forward suspicious emails to phishing@case.edu for the same automated review and feedback.

For additional questions or assistance locating the new sidebar button, contact the [U]Tech Help Desk at help.case.edu or 216.368.HELP (4357).