General Questions

These are our most frequently asked questions.

  • Am I allowed to forward emails from my @utdallas.edu to a personal mail account?
    • Forwarding emails to a personal email account outside of UTD is dangerous and highly discouraged because the contents are exposed to Internet attackers and a third-party email service which has no contract with UTD.

      Several better options exist to conduct UTD-related work, including Outlook Web Access (webmail.utdallas.edu), Box.com (utdallas.edu/cometspace), and VPN remote connection to the UTD network.
  • Am I allowed to use my @utdallas.edu email for personal purposes?
    • Yes, but it is highly discouraged. This type of activity increases security risks, not to mention that all business conducted on your @utdallas.edu is public record.
  • When should I encrypt an email?
    • Your emails are automatically encrypted when sending an email to another @utdallas.edu account.

      We recommend encrypting your email any time you send sensitive data to an address outside of UTD, such as @gmail or @hotmail.

      You can manually encrypt your outgoing emails by placing [ENCRYPT] in the subject line. For example: “This is my subject line [ENCRYPT]”.
  • How do I report a security incident?
  • How should I report phishing emails?
    • Send us an email at [email protected] or fill out an anonymous contact form Contact Us page.

      Please forward us the email as an attachment because this will contain the original headers that our analysts will use to track down the original sender. For example, many email clients have the option to “Forward as Attachment.”

      For more information on identifying and report phishing, please have a look at our Phishing Blog.
  • An employee in our department has left; can I obtain access to their e-mail and files?
    • Yes, the Information Security Office will coordinate the approvals and activities necessary to obtain access to that employee’s electronic records. The department head should submit a request to [email protected].
  • How is data classified at UTD?
    • UTD uses three classifications of data to help communicate the value of information and the required protections. As found in the Information Security and Acceptable Use Policy:

      • Confidential Data: The subset of University Data that is private or confidential by law or otherwise exempt from public disclosure (i.e. Social Security Numbers, personally identifiable Medical and Medical Payment information, Driver’s License Numbers and other government-issued identification numbers, Education Records subject to the Family Educational Rights & Privacy Act (FERPA), financial account numbers, and/or other University Data about an individual likely to expose the individual to identity theft).

      • Controlled Data: The subset of University Data that is not created for or made available for public consumption but that is subject to release under the Texas Public Information Act or other laws (i.e. network diagrams, UTD emails, and/or UTD-ID number).

      • Public Data: The subset of University Data intended for public consumption (i.e. marketing materials, press releases, public websites, published papers, and/or UTD-issued email address).
  • How do I back up my important files?
    • The safest options to store important files include your home directory, your departmental share drive and box.com provided by UTD; these services are backed up frequently. If you need to store important files on your computer hard drive, you should contact your departmental technical support staff to have backup software installed. The Office of Information Technology offers CrashPlan free of charge to UTD faculty and staff.
  • How do I request an exemption from an information security policy?
  • What is the difference between my NetID and UTD-ID?
    • Your NetID is used to access campus computing resources. It usually begins with your initials followed by numbers (e.g., abc123456). Your NetID is available from the UTD directory, and is associated with a network password (update your password at https://netid.utdallas.edu). Use your NetID and password to access the UTD network, check your @utdallas.edu email, and log in to Galaxy. Keep your password secret.

      Your UTD-ID is the number on your Comet Card. It is a string of digits (e.g., 1234567890; older Comet Cards may have 8 digits). It is issued by mail when your application to UTD is processed. Your UTD-ID is used for business purposes on-campus to protect the privacy of your Social Security Number. Don’t disclose your UTD-ID to off-campus individuals. If your UTD-ID is 8 digits, insert a “20” before the number to access systems such as NetIDplus powered by Duo that require a 10-digit UTD-ID. For more information, contact the Information Security office at [email protected] or 972.883.6810.
  • When disposing of a UTD asset, such as a computer or a hard drive, how do I make sure there is no data left on it?
    • Devices can retain data even when you think it has been deleted. To ensure no UTD data is contained on your device, consider the following steps:

      1) If leased from an outside vendor, ask the vendor to ensure data is erased from device. The wiping process must be observed by a UTD employee or a certificate of destruction must be provided by the vendor.

      2) If UTD-owned, please request the Helpdesk (https://www.utdallas.edu/oit/helpdesk/) to send a technician to wipe the device or remove the hard drive.

      3) Notify the Information Security Office ([email protected]), who will dispatch a representative to collect the device for physical destruction.
  • Why was my computer or NetID blocked and how can I get it unblocked?
    • Your computer or NetID may have been blocked for various reasons. For example, you may have a malware infection, the attacker may have gained access to your account, or your resources may be associated with behavior that violates UTD policy. To find out why you were blocked and to find out how to get unblocked, please contact the Help Desk at 972-883-2911 or the Information Security Office at 972-883-6810.

Resources

These will help you to get stuff done and to stay safe.

  • CometSpace (Box provided by UTD – 1TB of storage)
  • NetIDplus powered by Duo
    • NetIDplus is UTD’s implementation of Duo two-factor authentication. Just as your cash is safer when an ATM card must be combined with a pin code, NetIDplus powered by Duo combines your NetID account with your mobile phone to protect high risk systems.

      To begin using NetIDplus powered by Duo, you will visit the NetID management page by logging into https://netid.utdallas.edu. There you will find the option to enroll a mobile device and/or phone number which can receive automated verification calls.

      To understand more about Duo in general, visit https://www.utdallas.edu/infosecurity/netidplus. If would like to see if your Duo setup is working appropriately, click here to be redirected to the Duo testing tool.

      Please contact [email protected] if you have any further questions.
  • LastPass enrollment for staff
  • Antivirus downloads
  • Digital certificate enrollment
    • You no longer need an email certificate to communicate with your colleagues within UTD because encryption features are automatically enabled to protect your message. However, some users prefer to register for a digital certificate to allow PDF signing and legacy email compatibility.

      If you would like to register for a new digital certificate, click here to be redirected to the Certificate Enrollment page with specific instructions on how to enroll for and install your certificate.
  • SSL certificates
    • A secure socket layer (SSL) certificate is required to create an encrypted, secure connection between your network-connected machine and Web servers. Install an SSL certificate on your machine as follows:
      1. 1. Go https://www.cert-manager.com/customer/InCommon/ssl.
      2. 2. Click the Certificate enrollment link. The SSL Enrollment page appears.
      3. 3. On the SSL Enrollment page:
        • a. Type “UTD” in the Access Code field
        • b. Enter your UTD email address in the E-mail field
        • c. Click the Check Access Code button.
      4. 4. Follow the on-screen instructions.
      5. 5. Specify a Certificate Type of “InCommon SSL”, “InCommon Intranet SSL” or “InCommon Multi-Domain SSL”.
      6. 6. Type in the Common Name (FQDN – e.g. pits.utdallas.edu) or click on Get Common Name from CSR.
        NOTE: If you choose InCommon Multi Domain SSL, select the Common Name first, then add a comma-and-space separated list of the alternate hostnames.
      7. 7. Select the Server Type and Certificate Term (2 years is preferred).
      8. 8. Paste in the CSR (must be at least 2048 bits) and complete the form. NOTE: Refer to the following page for instructions on converting an IIS certificate from 1024 bits to 2048 bits: https://www.geocerts.com/support/iis_upgrade_key_size.
      9. 9. The passphrase is one of your choosing, but you will not normally be prompted for it. Notification will be sent to the email address you entered initially when the certificate is ready for download. The download page will allow you to select the certificate type from a list (typically X509, Base64 encoded).
        NOTE: IIS requires a PKCS#7 certificate in binary form. When you have downloaded the certificate, rename it from my_cert.p7b to my_cert.cer before attempting to import it into IIS.
      For more information about SSL, contact the Information Security office at [email protected] or 972.883.6810.
  • Policy exemption request
  • SafeLink Decoder
    • Malicious actors are increasingly targeting unsuspecting victims by sending out malicious links. These links often look harmless but redirect you to a dangerous website or file.

      Microsoft has developed a cloud-based email filtering service to combat this, called Advanced Threat Protection (ATP). ATP modifies any incoming email links for participating users to look something like this https://nam02.safelinks.protection.outlook.com/……

      While this modification makes it difficult to read the original link destination, it allows Microsoft to perform a brief security check on the website or file before granting you access. If there is a security issue with the asset, Microsoft will prevent you from accessing it.

      In order to make easier for you to read the original destination of these links, we have created a SafeLink decoding tool. Click here to be redirected to the Safelink Decoder page.

      Like any automated system, the ATP filter may accidentally flag something as dangerous when it is not, preventing you from visiting the link. If you believe a link has been incorrectly marked as dangerous, please contact our office at [email protected] so that we can promptly review the matter.

      While technical solutions like this help us stay safe, you should always be cautious when clicking links or visiting an unknown website.
  • Training materials
    • If you would like to request training materials for your department or for yourself, please contact us at [email protected] or fill out the contact form at our Contact Us page

Policies

These are UTD and UT System policies and compliance standards related to Information Security.

  • UTD Privacy Policy
  • UTDBP3096 Information Security and Acceptable Use Policy
  • UTS 165 Information Resource Use and Security Policy
  • TAC 202
  • PCI-DSS
    • PCI-DSS refers to the Payment Card Industry Data Security Standard, an information security standard for organizations that handle branded credit cards from the major credit card companies (such as Visa, MasterCard, American Express, and Discover). This standard is mandated by the major credit card companies and administered through the PCI-DSS Security Standards Council. The purpose of the standard was to increase security controls in organizations to reduce credit card fraud and limit cardholder data through such exposure. PCI-DSS is an industry standard set by the credit card industry. While it is not a legal requirement, failure to comply with the standard when fraud or breaches of card information occur may bring financial penalties to the University by the credit card industry. For more information on PCI-DSS, refer to https://www.pcisecuritystandards.org/
  • GLBA
    • The Gramm Leach Bliley Act of 1999 applies to financial institutions, or companies that do business similar to that of a financial institution, such as making loans. Since some business processes at UTD may fall under definition of a “financial institution,” the University is required to follow the compliance statutes of GLBA. The compliance sections of GLBA refer to both the Privacy Rules regarding protecting consumer information and Safeguard Rules which dictates that information security programs and security controls be developed to protect financial data. Since the University already complies with FERPA, the Federal Trade Commission has ruled that the Privacy Rule does not apply, and only the Safeguard Rule applies. GLBA is a Federal law that dictates that any business that falls under the definition of a financial institution is required to follow the Privacy and Safeguard rule stipulations when applicable. Failure to comply with GLBA may result in sanctions, fines and/or imprisonment of officials. Any department that provides financial services similar to those of a financial institution is subject to GLBA. For more information on GLBA, refer to https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act
  • HIPPA
    • HIPPA is the Health Insurance Portability and Accountability Act that became Federal law in 1996. The act may involve items related to privacy and security of both Protected Health Information (PHI) and Electronic Protected Health Information (EPHI) that may be in use in University systems. Standards that the University follows in regard to HIPPA include:

      – Administrative Safeguards: policies and procedures designed to clearly show how the University will comply with HIPPA.

      – Physical Safeguards: controlling physical access to systems and resources to protect against inappropriate access to protected data.

      – Technical Safeguards: controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient. For more information on HIPPA, refer to https://www.hhs.gov/hipaa/index.html
  • FERPA
    • The Family Educational Rights and Privacy Act (FERPA) is a federal law enacted in 1974 to protect the privacy of student education records. FERPA defines an educational official as:

      – A person employed by the institution in an administrative, supervisory, academic, research, or other support position.

      – A person serving on an institutional governing body.

      – A person employed by, or under contract to, the institution to perform a special task, such as an attorney or auditor. Educational officials are able to access a student’s record if they have a legitimate educational interest:

      – In viewing Enrollment Services or Registrar’s Office scanned images of an applicant/student, I am declaring I have a legitimate educational interest in the applicant/student’s academic record.

      – I understand my access does not include viewing images for applicants/students from another UT-Dallas program or discipline for purposes outside my legitimate educational interest (i.e., recruitment for programs outside my discipline).

      – I will view documents and materials for the specific purpose of admission or resolution of a student-related issue and will not use or re-release acquired information for any other reason.

      – If I do retrieve a student file flagged with a FERPA notation, I realize I may release NO information about this student. For more information on FERPA, refer to https://www2.ed.gov/policy/gen/guid/fpco/ferpa.
  • DMCA
    • While the use of file sharing software is legal in many countries, it is illegal in certain countries (including the United States) to download and file share materials that are copyright protected. Copyrighted materials may include but are not limited to: Movies, Television Shows, Music, Computer software, Written works, Art, and Photographs.

      Downloading of copyrighted works using University Resources is a violation of UTD policy, the Digital Millennium Copyright Act (DCMA), and federal, state, and local laws regarding copyrights. A good point to consider is that if materials may be purchased through a store or online over the Internet, it is highly likely that such materials are copyrighted, unless otherwise noted. If one is uncertain concerning the downloading of materials that may be under copyright, https://www.utdallas.edu/copyright/ is available to provide assistance, answers, and references.
  • Standards Documents
  • Procedure for obtaining access to user data