We all have a role to play in protecting U-M's data and the systems that store and handle it. Learn how you can do your part to reduce risks and increase the security of the university's sensitive data and meet your responsibilities as outlined in Information Assurance Awareness, Training, and Education (DS-16).
Resources to Share
- IA Publications to keep you informed about IT security and privacy at U-M.
- IT Security Posters & Brochures. Post and distribute these to help educate your colleagues, friends, and others about key security issues. Digital sign versions of most of the posters are available to the U-M community in a Box at U-M folder: Safe Computing - Security Tips (Digital Signs).
- Events related to cybersecurity and privacy sponsored by IA and others.
- Tips & Videos with recommendations protecting your devices, recognizing phishing, and traveling with technology.
- Be Aware of the most common IT security threats.
U-M Cyber Security Basic Training
- Look Before You Click. Beware of Phishing! (in My LINC) Learn about the practice of phishing, including spear phishing. Recognize clues that reveal phishing emails, inspect links in suspicious emails, identify what to do if you are not sure about an email, and take corrective steps if you take the bait.
- Don't Fall for Phish! Test your phish detection skills in this U-M online training. You will review email messages and decide which are phishing scams and which are legitimate messages. You'll also get to review the clues that indicate phishiness.
- Anti-Phishing Education: Simulated Phishing. IA provides consultation, reviews, and approvals for units interested in doing simulated phishing for educational purposes.
- Using Your Devices Securely with U-M Data. Learn how to set up your device and manage U-M data at home and abroad.
- Copyright Compliance Quiz. Test your knowledge of what you can and cannot share from your computer and mobile devices.
Specialized Cybersecurity Training
From time to time, Information Assurance (IA) offers specialized training for U-M executives and IT staff. For example, IA purchased a limited number of seats in several Merit training courses throughout the 2017-18 academic year and invited people across the university to attend. Should further such training be offered, it will be listed here.
Training Required for Data Access
- DCE 101: Access and Compliance: Handling Sensitive Institutional Data at U-M (in My LINC). Required training for access to administrative and other systems along with attestation to the Institutional Data Access and Compliance Agreement.
- ITSE101: HIPAA and Protected Health Information: What ITS Staff Need to Know (in My LINC). Required training for Information and Technology Services (ITS) staff and some others who may have access to systems containing HIPAA data.
- ITSE102: Payment Card Industry Security Standards and ITS (in My LINC). Required training for staff who may have access to systems containing PCI data.
- ITSE202: Advanced PCI Training (in My LINC). Required training for staff with access to systems containing PCI data.
- ITSE106: Securing Controlled Unclassified Information (in My LINC). Required for staff or researchers who work with CUI data or with the systems used to store CUI.
You are responsible for complying with the policies and standards below. The requirements on this page help you meet that responsibility.