Main menu (IT)

Security Awareness Training

In accordance with system-wide Information Security policy, faculty, staff and student employees are required to complete Information Security Awareness training on a periodic basis. Most faculty, staff, and student employees are required to complete the online training once every three years with periodic refresher updates in between. Those with privileged access to information assets or access to confidential data will require more frequent and specialized training.

The goal of Information Security awareness training is to better educate CSUN employees on good information security practices both at home and at work. The training is meant to be convenient and is Internet-based so you can complete it from any computer (training cannot be completed from mobile devices at this time). You may also start and stop the training as your schedule permits because it is not time–dependent.

Accessing the Security Awareness Training

All CSU campuses, including CSUN, have transitioned to a training program for faculty, staff and student employees. To access the training program, follow these steps:

  • Visit CSU Learn
  • Log in using your CSUN user ID and password
  • Select Assigned Learning to display the courses
  • Select Data Security & FERPA
  • Select Start

If you have any questions or require assistance with accessing training, please contact Information Security at (818) 677–6100.

In-Depth Security Topics for CSUN

Dangers of USB Storage Devices

USB storage devices, especially USB Flash Drives are notorious among hackers due to inexpensive cost and portability. Plugging a USB Storage Device in CSUN-owned workstations can jeopardize the security posture of a CSUN workstation and the data contained within it. USB storage devices are one of the easiest channels to spread an infection to a workstation and network. Disabling USB storage devices also discourages use and the storing of unencrypted Level 1 or Level 2 data on flash drives and external hard drives. USB drives are small and easy to lose. If data is unencrypted, the data is easily accessible to non-authorized individuals. The USB Storage Devices used in CSUN workstations must be encrypted.

For more information and a video on the dangers of USB storage devices and to request an exception, please visit the USB Storage Device Exception page

Incident Reporting

The purpose of the Identity Theft Red Flag and Security Incident Reporting Procedure is to provide information to assist individuals in 1) detecting, preventing, and mitigating identity theft in connection with the opening of a “covered account” or any existing “covered account” or who believe that a security incident has occurred and 2) reporting a security incident. For more information or to report an incident, please visit the Identity Theft Red Flag & Security Incident Reporting page. 

Beware of Scams and Phishing Emails

Despite taking preventive measures, phishing email attacks continue to be sent from compromised faculty and staff accounts. The best method to prevent these attacks is to never enter your CSUN user ID and password in response to an email request. For more information on how to protect yourself, visit the Avoid Fraudulent Email Messages page. 

Confidential vs. Sensitive Data

The need to protect confidential information such as social security numbers and credit card numbers is well understood. Sensitive student and employee data that are accessed daily at CSUN as part of faculty and staff responsibilities however, also need to be protected. This includes information such as grades, GPAs, test scores, advising records, addresses and other personal contact information. Familiarize yourself with different types of confidential and sensitive data that needs to protected by visiting CSU Data Classification page. 

Mobile Device Security

Smartphones and tablets are miniature computers capable of accessing personal and university data via the web, email, Box, the myNorthridge portal, and other resources. Review CSUN's Secure Your Mobile Device page. In the event CSUN-owned or your personal device is lost or stolen, promptly report to the Department of Police Services.

Tips & Guides

For more tips and how-to guides visit CSUN's Tips & Guides page.

Ninjio Awareness Videos

Ninjio is an animated series, inspired by real events and security breaches, that explains different topics in Cybersecurity, including how these breaches could have been avoided. CSUN gives staff and students access to four of these videos a year through Box. Below are the current videos available to watch:

Season 2, Episode 7: 156 Alarms

This episode is based on the Dallas siren's hack. A hacker enters the system through spear phishing and blares the tornado alarm for 90 minutes, causing mass panic and even injuries. Spear phishing is when a hacker targets a specific individual at an organization, usually using information from their social media page, and compromises their account. Once they have access to one employee account it opens the door for more vulnerabilities. Watch this episode to find out the hacker's process in gaining control of the alarm, and how the situation could have been avoided. 

Season 1, Episode 9: The Wi-Fi Trap

A hacker creates a fake wi-fi hotspot to trick an employee into handing over their login information. Fake hotspots are difficult to distinguish from real ones, so it is important to always use caution when deciding whether to use a public wi-fi network. This one careless action led to millions of passwords, e-mails, and usernames being stolen.

Season 2, Episode 6: My Password is Password

This video is based on the McDonald's Twitter breach. An employee's password is compromised due to weak, recycled passwords. Learn about Multi-factor Authentication (MFA) and passphrases.

Season 4, Episode 9: USB Nation

A critical-infrastructure security firm recently warned against hackers probing US infrastructure targets. One of these probes is to use a USB that was placed in a location that someone would pickup and plug it into a company computer.