Published Tuesday, October 2nd, 2018
Happy Cyber Security Awareness Month!! As we’ve discussed in the newsletter for some time, we’re implementing mandatory cyber security awareness training for all WSC employees.
Happy Cyber Security Awareness Month!! As we’ve discussed in the newsletter for some time, we’re implementing mandatory cyber security awareness training for all WSC employees. We’ll be doing annually starting this October in conjunction with Cyber Security Awareness Month.
The training is available now at https://access.sans.org/go/wsc
But wait, John – I thought you said be cautious about clicking foreign site links in e-mail that ask you to login (very good – very, very good – way to be cautious! J ). We’ve also linked the training through eCampus so you can navigate through a trusted site. Login to eCampus (ecampus.wsc.edu) then navigate to Online Resources/SANS Security Training.
It is fully online and you can run it in your favorite browser. Do be aware that you’ll need to enable pop-up windows for the site. The training consists of 19 modules (plus 7 more for those of us with access to lots of data). Each module takes 5-10 minutes and consists of a short video followed by a quiz. Modules can be completed at your own pace, but all employees must complete all assigned modules prior to the end of October.
One correctional note: In the module regarding FERPA, the standard SANS training treats student e-mail address as directory information. While this is typical, this is NOT true for NSCS schools. We treat student e-mail as non-directory (and therefore private) information.
In many of the videos, you are encouraged to reach out to the help desk, information security team, or your supervisor with any questions you have. In the case of WSC, you can reach out to the Service Center at 7107 as your first point of contact. We are currently working on documents to help the Service Center respond to those requests quickly and accurately.
Why is this mandatory? Well – a couple of reasons:
- It’s the right thing to do. Data is an incredibly valuable resource for us and for our students and it is an attractive target for online criminal activity. Lest you think that we’re too small a target, just two weeks ago WSC was specifically targeted with a phishing attempt where the attacker had analyzed our org structure and impersonated an employee trying to encourage others to act on their behalf. Despite all our technical efforts to defend our electronic ‘borders’, it is our collective human response to cyber threat that best determines our collective safety.
- Federal law (the Gramm-Leach-Bliley Act) requires that we have to have a security awareness training program for all employees who have access to covered data (which is pretty much all of us). While we have done that with less formal methods in the past, we are facing increasing pressure to have a formal program.
The training is provided through the SANS Institute, a non-profit research and education organization that has existed since 1989 and is one of the key bastions in defending the Internet from cyber threats. The curriculum itself is highly rated and informative. We hope you find it so – and maybe even enjoyable.
Lastly – we would recommend against ever wearing red sunglasses with a dark hoodie (you’ll see what we mean J ).
Thanks for your cooperation in this important work to keep our systems, data, and students safe!