Information and Cybersecurity

There are several information security related policies that apply to all users of University information and to those with access to University information assets. Departments and campus partners with access to confidential data must review and understand the policies, procedures and standards related to information security.    

The best information security strategy is a multi-layer of protection through leadership, cybersecurity, computing continuity, risk transfer (insurance and contracting), and secure partnerships.   


The UO Information Security Office provides information security services to the UO community, including vulnerability scanning, security consulting, and incident response.  

Information Security Office   


Policies, Procedures, and Standards

Report an Incident   

Report an Incident (Service Portal) 

Resources and Training 

  • UO Phish Tank:  The UO Phish Tank is a collection of suspicious email messages that have been reported to the UO Information Security Office.  
  • UO Information Security Articles topics include personal computer security, mobile device security, data security guidelines and more!  

Information and Cybersecurity Tips for Students and Staff  

  • Create a strong password that combines letters, numbers, and special characters. Never share your password with anyone, for any reason. By protecting your password, you also protect the important resources and data to which your password grants you access. Keep passwords secured, not on a post-it notes!  
  • Change your password regularly. Do not use the same password across multiple websites. UO requires students, faculty, and staff to change their university computing account password at least every 180 days (about 6 months).  
  • Understand when to be suspicious. Be suspicious of emails requesting personal information, containing spelling errors, or claiming your account will be reset. For the latest in Phishing Scams, visit UO’s Phish Tank 
  • Be careful when using USBs. These drives and other external devices can be infected, so only accept them if they are provided by known, trusted sources.  
  • Mobile devices, smartphones, and tablets. Use the passcode feature; set up phones to lock after five minutes of inactivity. Review UO’s mobile device security guidelines.   
  • Physical Security and Unintended disclosures. It is important to remember that data may still be exposed through unlawful entry into a building, sifting through garbage or stealing a UO laptop from your locked car. Be sure to follow your building security protocols, shred confidential reports and information, and never leave your electronics in an unattended vehicle in open view.