Data Security Module 1 Training
Important Notice:Skillsoft content is no longer available via Internet Explorer. Skillsoft content is currently any book, video, EHS or professional development content on the CSU Learn platform. This includes Data Security Module 1. We recommend updated browsers such as Chrome and Firefox to complete online trainings.
In accordance with system-wide Information Security policy, faculty, staff and student employees are required to complete the Data Security Module 1 training on a periodic basis. Most faculty, staff, and student employees are required to complete the onlinetraining once every three years with periodic refresher updatesin between. Those with privileged access to information assets or access to confidential datawill require more frequent and specialized training and are required to take the training annually.
The goal of Data Security Module 1 training is to better educate 鷻 employees on good information security practices both at home and at work. The training is meant to be convenient and is Internet-based so you can complete it from any computer (training cannot be completed from mobile devices at this time). You may also start and stop the training as your schedule permits.
Accessing the Data Security Module 1 Training Through CSU Learn
All CSU campuses, including 鷻, have transitioned to a training program for faculty, staff and student employees.To access the training program, follow these steps:
Visitusing Chrome or Firefox.
Alternatively, type incsu.sumtotal.hostinto the search bar to access the webpage.
On the CSU Login page, selectNorthridgefrom the dropdown menu.
Log in using your鷻 user IDandpassword.
SelectAssigned Learningto display the courses.
SelectData Security Introduction And FERPA (Module 1)
Non-Level 1 users complete the training once every three years, whileLevel 1users complete the training annually.
SelectRegisterto begin the training.
If you have any questions or require assistance with accessing training, please contact Information Security at(818) 677–6100.
In-Depth Security Topics for 鷻
USB storage devices, especially USB Flash Drives are notorious among hackers due to inexpensive cost and portability. Plugging a USB Storage Device in 鷻-owned workstations can jeopardize thesecurity posture of a 鷻 workstation and the data contained within it. USB storage devices are one of the easiest channels to spread an infection to a workstation and network. Disabling USB storage devices also discourages use and the storing of unencrypted Level 1 or Level 2 data on flash drives and external hard drives. USB drives are small and easy to lose. If data is unencrypted, the data is easily accessible to non-authorized individuals. The USB Storage Devices used in 鷻 workstations must be encrypted.
For more information and a video on the dangers of USB storage devices and to request an exception, please visit theUSB Storage Device Exception page.
The purpose of theIdentity Theft Red Flag and Security Incident Reporting Procedureis to provide information to assist individuals in 1) detecting, preventing, and mitigating identity theft in connection with the opening of a “covered account” or any existing “covered account” or who believe that a security incident has occurred and 2) reporting a security incident. For more information or to report an incident, please visit theIdentity Theft Red Flag & Security Incident Reportingpage.
Despite taking preventive measures, phishing email attacks continue to be sent from compromised faculty and staff accounts. The best method to prevent these attacks is toneverenter your 鷻 user ID and password in response to an email request. For more information on how to protect yourself, visit theAvoid Fraudulent Email Messagespage.
The need to protect confidential information such as social security numbers and credit card numbers is well understood. Sensitive student and employee data that are accessed daily at 鷻 as part of faculty and staff responsibilities however, also need to be protected. This includes information such as grades, GPAs, test scores, advising records, addresses and other personal contact information. Familiarize yourself with different types of confidentialand sensitive data that needs to protected by visitingCSU Data Classificationpage.
Smartphones and tablets areminiaturecomputerscapable of accessing personal and university data via the web, email, Box, the myNorthridge portal, and other resources. Review 鷻'sSecure Your Mobile Devicepage. In the event 鷻-owned or your personal device is lost or stolen,promptly report to theDepartment of Police Services.
For more tips and how-to guides visit 鷻'sTips & Guidespage.
Ninjio is an animated series, inspired by real events and security breaches, that explains different topics in Cybersecurity, including how these breaches could have been avoided. 鷻 gives staff and students access to four of these videos a year through Box. Below are the current videos available to watch:
This episode is based on the Dallas siren's hack. A hacker enters the system through spear phishing and blares the tornado alarm for 90 minutes, causing mass panic and even injuries. Spear phishing is when a hacker targets a specific individual at an organization, usually using information from their social media page, and compromises their account. Once they have access to one employee account it opens the door for more vulnerabilities. Watch this episode to find out the hacker's process in gaining control of the alarm, and how the situation could have been avoided.
A hacker creates a fake wi-fi hotspot to trick an employee into handing over their login information. Fake hotspots are difficult to distinguish from real ones, so it is important to always use caution when deciding whether to use a public wi-fi network. This one careless action led to millions of passwords, e-mails, and usernames being stolen.
This video is based on the McDonald's Twitter breach. An employee'spassword is compromised due to weak, recycled passwords. Learn about Multi-factor Authentication (MFA) and passphrases.
A critical-infrastructure security firm recently warned against hackers probing US infrastructure targets. One of these probes is to use a USB that was placed in a location that someone would pickup and plug it into a company computer.