Data Security Module 1 Training
听
Important Notice:听Skillsoft content is no longer available via Internet Explorer. Skillsoft content is currently any book, video, EHS or professional development content on the CSU Learn platform. This includes Data Security Module 1. We recommend updated browsers such as Chrome and Firefox to complete online trainings.
In accordance with system-wide Information Security policy, faculty, staff and student employees are required to complete the Data Security Module 1 training on a periodic basis. Most faculty, staff, and student employees are required to complete the online听training once every three years with periodic refresher updates听in between. Those with privileged access to information assets or access to confidential data听will require more frequent and specialized training and are required to take the training annually.
The goal of Data Security Module 1 training is to better educate 快活林性息 employees on good information security practices both at home and at work. The training is meant to be convenient and is Internet-based so you can complete it from any computer (training cannot be completed from mobile devices at this time). You may also start and stop the training as your schedule permits.
Accessing the Data Security Module 1 Training Through CSU Learn
All CSU campuses, including 快活林性息, have transitioned to a training program for faculty, staff and student employees.听To access the training program, follow these steps:
Visit听听using Chrome or Firefox.
Alternatively, type in听csu.sumtotal.host听into the search bar to access the webpage.
On the CSU Login page, select听Northridge听from the dropdown menu.
Log in using your听快活林性息 user ID听and听password.
Select听Assigned Learning听to display the courses.
Select听Data Security Introduction And FERPA (Module 1)
Non-Level 1 users complete the training once every three years, while听Level 1听users complete the training annually.
Select听Register听to begin the training.
If you have any questions or require assistance with accessing training, please contact Information Security at听(818) 677鈥6100.
In-Depth Security Topics for 快活林性息
USB storage devices, especially USB Flash Drives are notorious among hackers due to inexpensive cost and portability. Plugging a USB Storage Device in 快活林性息-owned workstations can jeopardize the听security posture of a 快活林性息 workstation and the data contained within it. USB storage devices are one of the easiest channels to spread an infection to a workstation and network. Disabling USB storage devices also discourages use and the storing of unencrypted Level 1 or Level 2 data on flash drives and external hard drives. USB drives are small and easy to lose. If data is unencrypted, the data is easily accessible to non-authorized individuals. The USB Storage Devices used in 快活林性息 workstations must be encrypted.
For more information and a video on the dangers of USB storage devices and to request an exception, please visit the听USB Storage Device Exception page.听
The purpose of the听Identity Theft Red Flag and Security Incident Reporting Procedure听is to provide information to assist individuals in 1) detecting, preventing, and mitigating identity theft in connection with the opening of a 鈥渃overed account鈥 or any existing 鈥渃overed account鈥 or who believe that a security incident has occurred and 2) reporting a security incident. For more information or to report an incident, please visit the听Identity Theft Red Flag & Security Incident Reporting听page.听
Despite taking preventive measures, phishing email attacks continue to be sent from compromised faculty and staff accounts. The best method to prevent these attacks is to听never听enter your 快活林性息 user ID and password in response to an email request. For more information on how to protect yourself, visit the听Avoid Fraudulent Email Messages听page.听
The need to protect confidential information such as social security numbers and credit card numbers is well understood. Sensitive student and employee data that are accessed daily at 快活林性息 as part of faculty and staff responsibilities however, also need to be protected. This includes information such as grades, GPAs, test scores, advising records, addresses and other personal contact information. Familiarize yourself with different types of confidential听and sensitive data that needs to protected by visiting听CSU Data Classification听page.听
Smartphones and tablets are听miniature听computers听capable of accessing personal and university data via the web, email, Box, the myNorthridge portal, and other resources. Review 快活林性息's听Secure Your Mobile Device听page. In the event 快活林性息-owned or your personal device is lost or stolen,听promptly report to the听.
For more tips and how-to guides visit 快活林性息's听Tips & Guides听page.
Ninjio is an animated series, inspired by real events and security breaches, that explains different topics in Cybersecurity, including how these breaches could have been avoided. 快活林性息 gives staff and students access to four of these videos a year through Box. Below are the current videos available to watch:
This episode is based on the Dallas siren's hack. A hacker enters the system through spear phishing and blares the tornado alarm for 90 minutes, causing mass panic and even injuries. Spear phishing is when a hacker targets a specific individual at an organization, usually using information from their social media page, and compromises their account. Once they have access to one employee account it opens the door for more vulnerabilities. Watch this episode to find out the hacker's process in gaining control of the alarm, and how the situation could have been avoided.听
A hacker creates a fake wi-fi hotspot to trick an employee into handing over their login information. Fake hotspots are difficult to distinguish from real ones, so it is important to always use caution when deciding whether to use a public wi-fi network. This one careless action led to millions of passwords, e-mails, and usernames being stolen.
This video is based on the McDonald's Twitter breach. An employee's听password is compromised due to weak, recycled passwords. Learn about Multi-factor Authentication (MFA) and passphrases.
A critical-infrastructure security firm recently warned against hackers probing US infrastructure targets. One of these probes is to use a USB that was placed in a location that someone would pickup and plug it into a company computer.
听