You are here

Information Security Training

The College requires all faculty and staff to take part in annual data security awareness training. Training consists of 8 to 10 required modules. The total duration of the required components in under 30 minutes.

This training is currently offered at the following site: https://leam.sans.org/learner_dashboard

At the end of each module, a quiz is displayed and must be correctly answered in order to complete it.  Below is the list of the 8 or 9 core modules:

  • You Are The Shield
  • Passwords
  • Browsing Safely
  • Data Security
  • Personally Identifiable Information (PII)
  • Email and Phishing
  • Mobile Devices
  • Targeted Attacks
  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI-DSS)

In keeping with our longstanding policy, individuals who have not completed the training after the deadline will have their network and email access disabled.

Drop-in Schedule 2019

For those without routine access to computers, the following times are available in Hogan 410 to drop-in and do the training with assistance from ITS. Training sessions will be posted on the ITS Training website.

Please work with your manager to determine an appropriate time to attend. For those departments with staff that may not check their email on a daily basis, please post this schedule.

Phishing Simulation Training

ITS conducts routine phishing attack simulations against faculty, staff, and students. On average, faculty and staff will receive one phishing simulation once every 10-15 days. Students will receive a bit fewer. These simulations are nonpunitive and results are kept confidential. The goal of the program is to improve our resiliency against such attacks. This program has been in place since 2016 and has proven to be an extremely effective tool in reducing our susceptibility to this type of fraud.

 

Security Tools Training

ITS and HR periodically offer training on specific security topics.  Presently there are three classes established.

Email and Data Security: How to handle protected and sensitive data, and how these data types can and cannot be used with email.

Windows Security Tools:  Encrypting documents and spreadsheets with Microsoft Office, Encrypting zip files with 7Zip, encrypting files with AES Crypt, and secure file deletion with Eraser.

Mac Security Tools:  Encrypting documents and spreadsheets with Microsoft Office, Encrypting zip files with Keka, encrypting files with AES Crypt, and secure file deletion with the built-in "secure empty trash" feature.

Contact Training@holycross.edu or check the Training website for a scheduling information of these and other training classes.

Individual or departmental training and consultations are available upon request to the Data Security Officer in ITS.