Security Bulletin for Faculty-Staff

Fall 2017

From: Office of Information Technology [ ]
Sent: Friday, September 01, 2017
To: College Community>
Subject: Important Information Security Information

Dear CCNY Faculty and Staff:

Given the constant rise of cyber threats attempting to compromise security and confidentiality, it is important for all CCNY faculty and staff to understand best practices for securing confidential and personal information and maintaining the integrity of that information. This broadcast outlines information security resources available to the City College community to help elude these threats.
All members of the City College community are required to abide by the University’s Policy on Acceptable Use of Computer Resources and Information Technology Security Procedures. These policies are located on the CUNY Information Security website at under the Security Policies & Procedures section.

NPUI (Non-Public University Information)
Of particular concern is Non-Public University Information (NPUI), which includes:

  • Social security numbers
  • Debit and credit card numbers
  • User IDs with passwords
  • Student records (i.e., GPAs, transcripts, grades, test results)
  • Health information (i.e., immunization, disability, psychological assessments)
  • Drivers licenses or other government-issued identification

Please, never send sensitive information over the campus network, the Internet, or by email. SSNs must be eliminated from all business processes not requiring SSNs in favor of CUNYfirst Employee IDs (EmplIDs).
Contractors, consultants, and student workers with responsibilities that require them to work with NPUI must obtain written authorization from their immediate supervisor, the CCNY Vice President for Administration (Vice President Felix Lam), and the CUNY Chief Information Security Office. To request authorization please submit a Non-Public University Data Access Waiver, which may be obtained at the CUNY Information Security website:
Furthermore, those authorized to use NPUI must use encryption to store and to transmit data. For information on using encryption, please contact your local IT support personnel, Information Security at (212) 650-6565, or visit the IT Security web site. It is imperative that you are using the appropriate security measures and your IT Security team can verify that the data is appropriately protected.

CUNY Security Awareness Program
Everyone at CCNY is urged to complete the CUNY Security Awareness Program, especially those with job duties requiring them to work with NPUI. It is approximately 30 minutes in length, covering the basics of information security risks, threats, and vulnerabilities and best practices to help avoid becoming a victim. When you register at this site, please enter your name, CCNY email address, and select City College from the pull-down menu. We have had numerous attempts to target the CCNY community and this awareness program has been invaluable in protecting us against fraud and identity theft.

The awareness program can be accessed at or from the CCNY IT Security web site.

FERPA Compliance
Faculty and staff whose job duties require them to access student records are required to be familiar with the Family Educational Rights and Privacy Act (FERPA), federal privacy laws that protect students' educational records. CCNY provides an online FERPA training module that provides scenarios and best practices for working with student records; it takes about 12 minutes:

This module is not intended as, nor is it a substitute for, legal advice on any particular issue.
Legal issues regarding FERPA should be addressed to the Executive Counsel to the President, Paul F. Occhiogrosso at x8276 ( ).

These and many other Information Security resources can be found on the CCNY Information Security website:

Information security is an extremely serious topic. Please take special precautions to protect the information our CCNY community leaves under our care and the integrity of all the systems we share.

Thank you for your cooperation.