Skip to main content

Frequently Asked Questions

General FAQs

  • The purpose and practice of information security is to prevent unauthorized access, use, manipulation, distribution and destruction of information. The main focus is to protect the confidentially, integrity and availability of data with no or minimal disruption to campus processes, productivity, education and people.

  • The short answer is: all of us. We all play an important part in ensuring that we protect information and the systems that allow us to store, transmit, and access information. As students, faculty, and friends of the university, we should strive to make information security part of what we do—part of our daily lives.

  • Whether you’re a student, employee, or alumnus, you can start by protecting yourself by focusing on three main areas: securing your devices, keeping your software up to date, and practicing safe technology skills. As you do these things, not only will you protect yourself, but you will also help us secure BYU.

  • Because of the increasing number of cyber security attacks, information breaches, and fraud, we need to increase our information security across campus. We partner with the entire BYU community to support this objective. We do this by managing technical threats, securing systems through protection design and architecture, establishing and reinforcing policies and standards, and promoting informed security-driven decisions.

  • We partner with department IT personnel and others by providing consultation and support services including:

    • Account compromise remediation
    • Computer and network security incident investigation
    • Copyright infringement support
    • Forensic Analysis
    • Payment Card Industry (PCI) assessment and consultation
    • Penetration Tests
    • Proactive notice of external security threats to improve preparedness
    • Scanning for vulnerabilities and security weaknesses
    • Security assessments and reviews
    • Security awareness and training
    • Spam and email abuse reporting
    • Threat monitoring and risk mitigation
  • To report a security incident follow the directions on the Report an Incident page. Check out our Phish Bowl page for known phishing attempts. For all other concerns work through your department Computer Support Representative (CSR), email, or open an OIT request ticket. For a list of individual team members, visit our Security Team page.

Security Incident FAQs

  • An information security incident is defined as an attempted or successful unauthorized access, use, disclosure, modification, or destruction of information; interference with information technology operation; or violation of acceptable use policies. An IT security incident is any event that has or is likely to result in the compromise of the confidentiality, availability, or integrity of university information or a device that processes, stores, or transmits it. Examples of information security incidents include, but aren’t limited to:

    • Unauthorized attempts (failed or successful) to access, use, modify, disclose, or destroy information, information systems, architecture, and applications.
    • Loss or disclosure of sensitive university information.
    • Unauthorized access (or attempted access), use of or changes to system firmware, software or hardware.
    • Violation of acceptable use policies for BYU information or technology.
    • Interference with the operation or intended use of university information technology resources, including a denial of service attack.
    • Loss or theft of a university-owned device, or a personally-owned device that contains university data.
    • Unauthorized access to or exposure of sensitive information, such as Social Security numbers, whether accidental or intentional.
    • Unauthorized use of user credentials or impersonating another university user.
  • Before reporting a suspicious email message, review the list of recent phishing attempts reported at BYU in the Phish Bowl to see if it’s a known issue. You can also review tips on identifying phishing to protect yourself from these scams. To report a phish, forward the email as an attachment to Check out this article for detailed instructions.

    • Your contacts are receiving emails that you did not send.
    • Changes have been made to account that you did not make.
    • A pop-up window instructs you to call a number for ‘help’ or to update your software.
    • Changes appear to your class schedule, personal information or financial aid that you did not initiate.
    • Unwanted browser toolbars appear, or web searches are redirected.
    • Friends receive social media invitations you didn’t send.
    • Your password doesn’t work.
    • Unfamiliar software is installed unexpectedly.

    Note: This list is not all inclusive