All U-M community members have a shared responsibility for protecting university data and digital assets. Educating ourselves and others as outlined in Information Assurance Awareness, Training, and Education (DS-16) helps each of us fulfill that responsibility.
- Faculty, staff, and students. Take advantage of the resources on the Safe Computing website to learn how to use data responsibly and protect yourself and the university from cyber threats.
- U-M units. Offer, and where appropriate require, data protection training for staff, faculty, and students in your unit. Engage with your Security Unit Liaison to assess your needs and explore education options.
Data Protection Training in My LINC
The online training courses below are available in My LINC to any interested faculty, staff, or student. Some individuals may be required to take them based on the work they do at the university.
Overview Courses
- DCE101: U-M Data Protection and Responsible Use
This course provides practical guidance on how to protect sensitive U-M data and systems, as well as how to protect your privacy and personal information. It includes resources for working with data regulated by laws and regulations. This course is required for those with access to U-M administrative information systems. - New! DPE110: Data Protection for Unit IT
This course provides IT professionals with an overview of their shared responsibility for protecting the university’s digital assets. This includes understanding data classification at U-M, gaining basic knowledge of FERPA, HIPAA, and PCI, and learning how to safeguard institutional data and stay safe online. This course is required for all employees of Information and Technology Services (ITS). To have it assigned to IT professionals in your unit, contact [email protected].
Data-Specific Courses
- ITSE110: HIPAA and Protected Health Information: What U-M Staff Need to Know
This course covers how to appropriately handle Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). - ITSE120: Payment Card Industry Security Standards
This course provides an overview of Payment Card Industry (PCI) Data Security Standards (DSS). It includes information on PCI DSS requirements and scenarios where U-M staff may encounter and need to report potential security breaches. - RO100: FERPA at U-M
This course, authored by the Registrar's Office, teaches faculty, researchers, staff, and students how to responsibly handle student data in accordance with the Family Educational Rights and Privacy Act (FERPA). - PEERRS_CUI_T100: Controlled Unclassified Information (CUI) Protections
This course is required for staff or researchers who work with CUI data or with the systems used to store CUI. - Copyright Compliance Quiz
This ten-question quiz tests your knowledge of what you can and cannot share from your computer and mobile devices.
Additional Cybersecurity Training
The following training options for improving awareness of cybersecurity threats and how to avoid them. They are available to any interested faculty, staff, or student.
Safe Computing Curricula
- Safe Computing Curriculum
Share this curriculum in your unit for people to work through on their own. Offers IT security and privacy/confidentiality best practices to help you safeguard the university’s digital assets. - Phishing Curriculum
- Units that want to provide anti-phishing education and awareness can employ this curriculum, which consists of a series of sequential emails that can be sent over a period of days, weeks, or months.
Anti-Phishing Training
- Look Before You Click. Beware of Phishing!
Learn to recognize clues that reveal phishing emails, inspect links in suspicious emails, identify what to do if you are not sure about an email, and take corrective steps if you take the bait. - Don't Fall for Phish!
Test your phish detection skills in this U-M online training in which you review email messages and decide which are phishing and which are legitimate. - Anti-Phishing Education: Simulated Phishing
IA provides consultation, reviews, and approvals for units interested in doing simulated phishing for educational purposes.