Information Security

The Office of Information Security’s mission is to protect EWU’s computer networks and the information that flows over it. To fulfill this mission, our office provides a wide variety of services to the EWU community that help minimize the occurrence and risk of security incidents. We work closely with other higher education institutions, outside security organizations and researchers to keep informed of the latest information security trends.

What We Do

Our office performs the following functions:

  • Risk assessments
  • Vulnerability scans and penetration tests on our campus systems.
  • Monitors our Intrusion Detection System and server/firewall logs.
  • Intrusion/security incident response.
  • Security Education & Awareness training
  • Develop security policies and guidelines

Report an Incident

Any EWU employee or student who knows, or reasonably suspects, that personal information owned, maintained, or used by EWU has been acquired by an unauthorized person, should immediately report it so that we can assess whether or not a breach notification is required.

For purposes of EWU, personal information includes any of the following:

  • Social security number or last four digits of a social security number;
  • Driver’s license number or similar identification number;
  • Any numbers or information (e.g. account number, credit or debit card number, security or access codes or passwords) that would permit access to an individual’s financial account;
  • Full date of birth;
  • Private key that is unique to an individual and that is used to authenticate or sign an electronic record;
  • Student, military, or passport identification number;
  • Any information about medical history, mental or physical condition, or about a health professional’s medical diagnosis or treatment
  • Biometric data
  • User name or email address in combination with a password or security questions and answers that would permit access to an online account.
  • User name or email address in combination with a password or security questions and answers that would permit access to an online account

Notes: Student identification numbers were added to this list effective March 1, 2020.

If you suspect a security breach has occurred:

  1. Preserve Evidence: Avoid making any updates or other modifications to software, data, or equipment suspected to be involved
  2. Report the Incident:
    • Complete this web form.
    • If you need immediate assistance, call the IT Help Desk at 509-359-2247.
    • If you cannot complete this form, contact one or both of the following:
      • Brad Christ, AVP for Information Technology and CIO
        brad.christ at ewu dot edu
        509-359-2099
      • Annika Scharosch, AVP for Civil Rights, Compliance and Enterprise Risk Management
        ascharosch at ewu dot edu
        509-359-6724

The university is required by Washington State RCW 42.56.590, other state laws, and federal regulations to report breaches involving personal and FERPA-protected data.

Reporting Phishing Emails:

Please forward phishing emails to phishing@ewu.edu. If possible, please include the full email headers with your report.

Reporting viruses, malware and other incidents:

Please report virus/malware infections and other incidents by emailing infosecurity@ewu.edu or by using the help desk system