Cal Maritime uses the Duo multi-factor authentication (MFA) app to verify cadets, faculty, and staff when accessing any web-based service that requires a Cal Maritime username and password.

duo MFA user guide

Unique credentials will be used for accessing all Cal Maritime information systems.

AUTHENTICATION user guide

Cal Maritime continues to make improvements when it comes to security, while also taking strides to educate cadets, faculty and staff on how to report and spot attacks.

malware and phishing user guide

Encrypting data helps mitigate the disclosure of sensitive and confidential information... the loss of which can have a damaging impact on the institution's reputation and finances.

encryption user guide 

All electronic devices that contain data must be processed through IT Support for disposals and transfers.

electronic device disposal guide

The Cal Maritime's Information Security Program provides direction for managing and protecting the confidentiality, integrity and availability of Cal Maritime information assets. In accordance with the California State University's Information Security Policy 8035, this Information Security Program contains administrative, technical and physical safeguards to protect campus information assets. Unauthorized modification, deletion or disclosure of information assets can compromise the mission of Cal Maritime, violate individual privacy rights and possibly constitute a criminal act.

Security awareness training

This section describes the process used to report events which have the potential to negatively impact the confidentiality, integrity, or availability of Cal Maritime's information assets.

The incident response cycle begins when a suspicious event is observed. Individuals in functional campus areas must either contact the IT Help Desk at helpdesk@csum.edu or contact the Information Security Officer directly. Depending on the nature of an incident (e.g. burglary, robbery) the end user may send an email to policedepartment@csum.edu and include any details regarding the asset was lost, the type of data lost (sensitive data or not), serial number, asset tag, time and location of the item that was lost.

Information security incidents are considered high priority and take precedence over normal Cal Maritime business operations. Managers who supervise functional campus areas must be prepared to manage work priorities, applying their judgment to the scope and impact of an incident in accordance with direction provided by the Information Security Officer.

The Incident Response Roles and Responsibilities document (Word) outlines the duties of the Cal Maritime community regarding the handling of information security incidents.

In cases where confidential (e.g. Level 1 or Level 2) data may be involved, the initial IT point of contact in the corresponding functional campus area must complete an Incident Response Form (Word) and escalate the issue to the IT Security Team in accordance with the instructions on the Incident Response Form. Isolated, low impact, events that do not put confidential data at risk generally can be handled without using this form.

lost equipment guide