We all have a role to play in protecting U-M's data and the systems that store and handle it. To support that role, we need to educate ourselves and others as outlined in Information Assurance Awareness, Training, and Education (DS-16).

  • Faculty, staff, and students. Take advantage of the resources here on the Safe Computing website and elsewhere to help you learn to protect yourself and the university from cyber threats.
  • U-M units. Require training as appropriate for users of your unit systems and services that store or process sensitive university data.

Data Protection Training

The online training courses below are available to any interested faculty member, staff member, or student at no charge. Some individuals may be required to take them based on the work they do at the university. To have any of these courses required of and assigned to employees in your unit, contact [email protected].

  • Data Protection 100: Your Shared Responsibility (in My LINC). This course covers why it is important to protect U-M data and resources, what risks exist and how you can avoid them, and how you can fulfill your responsibility for protecting the university.
  • DCE101 U-M Data Protection and Responsible Use (in My LINC). Recommended training for all members of the university community who have access to administrative data systems. This is the companion training that goes along with the attestation to the Institutional Data Access and Compliance Agreement that is required for access to some systems. Some systems require annual reattestation for access.
  • Graduate Student Research Assistants (GSRAs) Protecting Data GSRAs can start here to understand their shared responsibility to protect sensitive data.
  • Controlled Unclassified Information (CUI) Protections (in My LINC). Required for staff or researchers who work with CUI data or with the systems used to store CUI.
  • ITSE110: HIPAA and Protected Health Information: What U-M Staff Need to Know (in My LINC). This eLearning course for U-M staff covers how to appropriately handle Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
  • ITSE120: Payment Card Industry Security Standards (in My LINC). This eLearning course for U-M staff provides an overview of Payment Card Industry (PCI) Data Security Standards (DSS). It includes information on PCI DSS requirements and scenarios where U-M staff may encounter and need to report potential security breaches.
  • RO100 FERPA at U-M (in My LINC). This eLearning course, provided by the Registrar's Office, teaches faculty, researchers, staff, and students how to responsibly handle student data in accordance with FERPA (Family Educational Rights and Privacy Act).

Courses for ITS Staff

U-M Cybersecurity Basic Training

  • Look Before You Click. Beware of Phishing! (in My LINC). Learn about the practice of phishing, including spear phishing. Recognize clues that reveal phishing emails, inspect links in suspicious emails, identify what to do if you are not sure about an email, and take corrective steps if you take the bait.
  • Don't Fall for Phish! Test your phish detection skills in this U-M online training. You will review email messages and decide which are phishing scams and which are legitimate messages. You'll also get to review the clues that indicate phishiness.
  • Anti-Phishing Education: Simulated Phishing. IA provides consultation, reviews, and approvals for units interested in doing simulated phishing for educational purposes.
  • Using Your Devices Securely with U-M Data. Learn how to set up your device and manage U-M data at home and abroad.
  • Copyright Compliance Quiz. Test your knowledge of what you can and cannot share from your computer and mobile devices.
  • Cybersecurity Challenge. Test your IT security knowledge and learn more about phishing lures, online scams, identity theft, laptop snatches, and more.

Safe Computing Curricula

  • Safe Computing Curriculum. Share this in your unit for people to work through on their own. Offers IT security and privacy/confidentiality best practices to help you safeguard the university’s digital assets. You can track your progress as you work through each module.
  • Phishing Curriculum. This curriculum is intended for use by units that want to provide anti-phishing education and awareness. It consists of a series of sequential emails that can be sent over a period of days, weeks, or months to help people learn to protect themselves—and U-M—from phishing.