In accordance with system-wide Information Security policy, faculty, staff and student employees are required to complete Information Security Awareness training on a periodic basis. Most faculty, staff, and student employees are required to complete the online training once every three years with periodic refresher updates in between. Those with privileged access to information assets or access to confidential data will require more frequent and specialized training.
The goal of Information Security awareness training is to better educate CSUN employees on good information security practices both at home and at work. The training is meant to be convenient and is Internet-based so you can complete it from any computer (training cannot be completed from mobile devices at this time). You may also start and stop the training as your schedule permits because it is not time–dependent.
Accessing the Security Awareness Training
All CSU campuses, including CSUN, have transitioned to a training program for faculty, staff and student employees. To access the training program, follow these steps:
If you have any questions or require assistance with accessing training, please contact Information Security at (818) 677–6100.
In-Depth Security Topics for CSUN
Dangers of USB Storage Devices
USB storage devices, especially USB Flash Drives are notorious among hackers due to inexpensive cost and portability. Plugging a USB Storage Device in CSUN-owned workstations can jeopardize the security posture of a CSUN workstation and the data contained within it. USB storage devices are one of the easiest channels to spread an infection to a workstation and network. Disabling USB storage devices also discourages use and the storing of unencrypted Level 1 or Level 2 data on flash drives and external hard drives. USB drives are small and easy to lose. If data is unencrypted, the data is easily accessible to non-authorized individuals. The USB Storage Devices used in CSUN workstations must be encrypted.
Despite taking preventive measures, phishing email attacks continue to be sent from compromised faculty and staff accounts. The best method to prevent these attacks is to neverenter your CSUN user ID and password in response to an email request. For more information on how to protect yourself, visit the Avoid Fraudulent Email Messages page.
Confidential vs. Sensitive Data
The need to protect confidential information such as social security numbers and credit card numbers is well understood. Sensitive student and employee data that are accessed daily at CSUN as part of faculty and staff responsibilities however, also need to be protected. This includes information such as grades, GPAs, test scores, advising records, addresses and other personal contact information. Familiarize yourself with different types of confidential and sensitive data that needs to protected by visiting CSU Data Classification page.
Mobile Device Security
Smartphones and tablets are miniature computers capable of accessing personal and university data via the web, email, Box, the myNorthridge portal, and other resources. Review CSUN's Secure Your Mobile Device page. In the event CSUN-owned or your personal device is lost or stolen, promptly report to the Department of Police Services.
Ninjio is an animated series, inspired by real events and security breaches, that explains different topics in Cybersecurity, including how these breaches could have been avoided. CSUN gives staff and students access to four of these videos a year through Box. Below are the current videos available to watch:
This episode is based on the Dallas siren's hack. A hacker enters the system through spear phishing and blares the tornado alarm for 90 minutes, causing mass panic and even injuries. Spear phishing is when a hacker targets a specific individual at an organization, usually using information from their social media page, and compromises their account. Once they have access to one employee account it opens the door for more vulnerabilities. Watch this episode to find out the hacker's process in gaining control of the alarm, and how the situation could have been avoided.
A hacker creates a fake wi-fi hotspot to trick an employee into handing over their login information. Fake hotspots are difficult to distinguish from real ones, so it is important to always use caution when deciding whether to use a public wi-fi network. This one careless action led to millions of passwords, e-mails, and usernames being stolen.
A critical-infrastructure security firm recently warned against hackers probing US infrastructure targets. One of these probes is to use a USB that was placed in a location that someone would pickup and plug it into a company computer.