Information Security

Penn State Information Security establishes, implements, and maintains a University-wide security program. We protect the confidentiality, integrity, and availability of Penn State’s information from unauthorized use, access, disclosure, modification, damage, or loss. Information Security remains committed to keeping sensitive information safe from ongoing cyber threats. Penn State’s information is valuable. We’ll help you understand the sensitivity of that information and show you how to protect it.

**Information Security Leadership**

Bob Turner, Chief Information Security Officer

New faculty may want to contact Information Security to:

Obtain answers and direction regarding security guidelines in advance of and preparation for research activities.
Report a suspected phishing attempt by forwarding the email to phishing@psu.edu.

Top 5 Items Faculty Should Know About Information Security

*Top Items faculty should know about Information Security*
	Information about Penn State information security can be found on the Information Security website Links to an external site..
	There are five administrative policies related to Information Security: AD95: Information Assurance and IT Security Links to an external site. AD96: Acceptable Use of University Information Resources Links to an external site. AD53: Privacy Policy Links to an external site. AD97: Penn State Identification Numbers (PSU IDs) Links to an external site. AD22: Health Insurance Portability and Accountability Act (HIPAA) Links to an external site.
	Data at Penn State, including research data, is protected by Secure Enclaves. Data is classified into 4 levels: Level 4 - Restricted Level 3 - High Level 2 - Moderate Level 1 - Low Any system storing or processing level 4 or level 3 data must receive an Authority to Operate (ATO). More information can be found at the Information Classification Decision Tool Links to an external site. and Secure Enclaves and Authority to Operate (ATO). Links to an external site.
	If you receive an email that you believe is phishing, please forward it to phishing@psu.edu. This will help us reduce these incidents for our users. If you are aware of or concerned about a possible security incident, please refer to Incident Response Links to an external site. for instructions.
	If you need access to Penn State resources when you are not on campus, please see the GlobalProtect Remote Access VPN - Overview Knowledge Base article Links to an external site.. (You may need to log into ServiceNow to view the article.)

Information Security Fun Facts

In the first quarter of 2025, Information Security responded to more than 2,412 phishing emails, and there were 606 account compromises.

Penn State Information Security manages 173,182 active accounts. The Total Persons records managed is almost 6.5 million.

Additional Resources and Contact Information

Resources

Information Security website Links to an external site.
Links to an external site.Multifactor Authentication Links to an external site.
View and manage information and settings related to your account at Account Management Links to an external site.

Information Security Contact Information

Office email: security@psu.edu
Office phone: 814-867-6207
Campus location: Technology Support Building