Awareness, Training, and Education / safecomputing.umich.edu

Professional Associations
Many trade, industry, and governmental associations and agencies provide training and guidance. See IT Security & Privacy Professional Associations.

We all have a role to play in protecting U-M's data and the systems that store and handle it. To support that role, we need to educate ourselves and others as outlined in Information Assurance Awareness, Training, and Education (DS-16).

Faculty, staff, and students. Take advantage of the resources here on the Safe Computing website and elsewhere to help you learn to protect yourself and the university from cyber threats.
U-M units. Require training as appropriate for users of your unit systems and services that store or process sensitive university data.

Safe Computing Curricula

Safe Computing Curriculum. Share this in your unit for people to work through on their own. Offers IT security and privacy/confidentiality best practices to help you safeguard the university’s digital assets. You can track your progress as you work through each module.
Phishing Curriculum. This curriculum is intended for use by units that want to provide anti-phishing education and awareness. It consists of a series of sequential emails that can be sent over a period of days, weeks, or months to help people learn to protect themselves—and U-M—from phishing.

Resources to Share

Be Aware of the most common IT security threats.
Digital Signs—IT Security (U-M login required). Digital sign versions of IA security posters are available to the U-M community in a Dropbox at U-M folder.
Events related to cybersecurity and privacy sponsored by IA and others.
IA Publications to keep you informed about IT security and privacy at U-M.
IT Security Posters & Brochures. Post and distribute these to help educate your colleagues, friends, and others about key security issues.
Michigan Medicine Information Assurance Educational Resources. Posters, videos, and other resources from Michigan Medicine to promote IT security and privacy.
Protect Yourself by securing your devices, managing your passwords, and traveling safely with technology.
Safe Computing section of Michigan IT News. Includes tip articles with recommendations for rotecting your devices, recognizing phishing, traveling with technology, and more.

Education and Awareness Videos

IT Security—Our Shared Responsibility (2:07)
Overview of how you play an important role in protecting U-M systems and information.
You've Got a Site for That—Safe Computing (1:56)
Find tips, guidelines, and alerts on the Safe Computing website to help protect U-M systems and data, as well as your personal information and privacy.
IT Security Tips for When You Work from Home (2:18)
How to work securely from home to protect yourself and the university.
Privacy - We Are Our Choices (2:21)
Pervasive data collection can mean a loss in privacy. The choices we make can determine how much privacy we lose.
Protect Yourself & the University from Spear Phishing (4:14)
Phishing emails try to trick you into revealing your password and other private information. This puts you and U-M at risk. Don't be fooled.
Report an IT Security Incident (1:47)
What to watch for and how to report potential IT security incidents at U-M.
Safe Computing When Traveling (2:17)
Planning a big trip or a small excursion?
Secure Your Devices: For You and the U (2:26)
Secure your smartphones, tablets, and laptops to protect yourself and the university.
Securing U-M (1:55)
Securing U-M's open, academic environment by balancing security, education, openness, privacy, academic freedom, and free thought and expression.
Tips for Safe Videoconferencing (1:32)
Tips for using U-M tools and being a good host to secure your videoconferences.
ViziBLUE at U-M (1:40)
Students: find out what personal information the university collects and how it is used and shared.

You may also find these Security Awareness Episodes from the National Cybersecurity Alliance helpful.

U-M Cybersecurity Basic Training

Look Before You Click. Beware of Phishing! (in My LINC) Learn about the practice of phishing, including spear phishing. Recognize clues that reveal phishing emails, inspect links in suspicious emails, identify what to do if you are not sure about an email, and take corrective steps if you take the bait.
Don't Fall for Phish! Test your phish detection skills in this U-M online training. You will review email messages and decide which are phishing scams and which are legitimate messages. You'll also get to review the clues that indicate phishiness.
Anti-Phishing Education: Simulated Phishing. IA provides consultation, reviews, and approvals for units interested in doing simulated phishing for educational purposes.
Using Your Devices Securely with U-M Data. Learn how to set up your device and manage U-M data at home and abroad.
Copyright Compliance Quiz. Test your knowledge of what you can and cannot share from your computer and mobile devices.

Data Protection Training

The online training courses below are available to any interested faculty member, staff member, or student at no charge. Some individuals may be required to take them based on the work they do at the university. To have any of these courses required of and assigned to those in your unit, contact info-assurance@umich.edu.

DCE101 U-M Data Protection and Responsible Use (in My LINC). Recommended training for all members of the university community. This is the companion training that goes along with the attestation to the Institutional Data Access and Compliance Agreement that is required for access to some systems. Some systems require annual reattestation for access.
Graduate Student Research Assistants (GSRAs) Protecting Data GSRAs can start here to understand their shared responsibility to protect sensitive data.
ITSE101: HIPAA and Protected Health Information: What ITS Staff Need to Know (in My LINC). Required training for Information and Technology Services (ITS) staff and some others who may have access to systems containing HIPAA data.
ITSE102: Payment Card Industry Security Standards and ITS (in My LINC). Required training for staff who may have access to systems containing PCI data.
ITSE202: Advanced PCI Training (in My LINC). Required training for staff with access to systems containing PCI data.
ITSE106: Securing Controlled Unclassified Information (in My LINC). Required for staff or researchers who work with CUI data or with the systems used to store CUI.
ITSE110: HIPAA and Protected Health Information: What U-M Staff Need to Know (in My LINC). This eLearning course for U-M staff covers how to appropriately handle Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
RO100 FERPA at U-M (in My LINC). This eLearning course, provided by the Registrar's Office, teaches faculty, researchers, staff, and students how to responsibly handle student data in accordance with FERPA (Family Educational Rights and Privacy Act).

Applicable University Policies

You are responsible for complying with the policies and standards below. The requirements on this page help you meet that responsibility.

Information Assurance Awareness, Training, and Education (DS-16)