Information Security
Education, Training, and Awareness

Three key components for keeping people, systems, and data secure are technical safeguards, administrative safeguards, and physical safeguards. However, safeguards are generally worthless if users are unaware of them. To this end, we will be posting different types of training and awareness materials on this page. Some material will be used to supplement existing awareness activities like new employee or new student orientations, while other material will cover specific topics in more depth than can be covered in general orientation programs.

For this material to be effective, it must be dynamic and it must be relevant. Check this page frequently for new material.

The Health Science Center Information Security Awareness campaign

"I just left it for a minute!" (October 2009) Don't let a stolen laptop ruin your day or your career. See how it happens in this 30-second message. Click on the picture. [Click here] to see our related awareness poster.
International Bureau of Information Exchange (May 2009) Could this happen to you? Find out in this 30-second message. Click on the picture. [Click here] to see our related awareness poster.

The Health Science Center Information Security Public Service Security Presentations
These links are accessible only from within the University.

Protecting Your Research Data Originally presented on October 22, 2009 Full running time - 65 min 58 sec This presentation was sponsored by the Vice President for Research and the Department of Information Security & Assurance. Learn how industrial espionage can affect your career and how you can protect your valuable research data. Click on the picture.
Protecting Your Children Online Originally presented on October 29, 2009 Full running time 67 min 0 sec This presentation was sponsored by the Department of Pediatrics and the Department of Information Security & Assurance. Learn the steps you can take to protect your loved ones. Topics range from predators and cyberbullying to undesirable content. Click on the picture.
Protecting Yourself Against Identity Theft Originally presented on November 3, 2009 Full running time - 93 min 7 sec (with questions) This presentation was sponsored by Business Affairs and the Department of Information Security & Assurance. Learn what current threats are out there and what you can do to protect your identity online and offline.

Information Security Awareness material from other organizations

From the Virginia Information Technologies Agencies (VITA)
The Duh's of Security - Produced by VITA's Commonwealth Security and Communications department, this is an Information Security awareness video promoting simple, common sense behavior changes that will strengthen the security of information. The approach is humorous but the message is effective. With subtitles. (13 min)

From OnGuardOnline.gov
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Interent fraud, secure your computer, and protect your personal information.
Phishy Home - A phisher pays an unexpected visit to someone's home. (1 min)
Phishy Office - A phisher shows that phishing can happen when you least expect it - even at the office. (1 min)
Phishy Store - A phisher visits a clothing store in hopes of getting a shopper's financial information. (1 min)

From EDUCAUSE - Computer Security Awareness Video Contest Winners - Click on the picture
Superhighway Safety - Nathan Blair [Savannah College of Art and Design] (3 min 10 sec)
Wasteland - Eric Marth [College of William and Mary], Mark Thyrring [University of Virginia] (27 sec)
The McCumber Cube - Kory Godfrey [Idaho State University] (2 min 58 sec)
Bob, You've Been Phished - Kevin Atef, Johnson Chau, Michael Wong [Cal Poly Pomona] (2 min 58 sec)
Act Now - Stay Current - Stephen Hockman, Christina Manikus, John Sease, Erin Shulsinger [James Madison University] (29 sec)
Act Now - Fraud - Stephen Hockman, Christina Manikus, John Sease, Erin Shulsinger [James Madison University] (30 sec)
Act Now - Know Your Sources - Stephen Hockman, Christina Manikus, John Sease, Erin Shulsinger [James Madison University] (31 sec)
Computer Security 101 - Darren Homme [St Cloud State University] (3 min 9 sec)
Computing in a Community Environment, Part I: Phishing and Viruses - Rebecca Boswell, Alex Creswick, Drew Crofton, Nick Drader, Matthew Fetter [Wake Forest University] (2 min 44 sec)
Computing in a Community Environment, Part II: Laptop Care - Rebecca Boswell, Alex Creswick, Drew Crofton, Nick Drader, Matthew Fetter [Wake Forest University] (2 min 22 sec)
Computing in a Community Environment, Part III: Legal Downloading - Rebecca Boswell, Alex Creswick, Drew Crofton, Nick Drader, Matthew Fetter [Wake Forest University] (2 min 10 sec)
Computing in a Community Environment, Part IV: Back Yo Data Up! - Rebecca Boswell, Alex Creswick, Drew Crofton, Nick Drader, Matthew Fetter [Wake Forest University] (1 min 42 sec)
Gone Phishing - Nazir Agah, Albert Antiguera, Jesse Cowan, Dwight Phelps, Tin Ingle, Jason Kott [George Mason University] (2 min 36 sec)
Guide to Technology - Miguel Berg [University of Delaware] (2 min 36 sec)
Hands - Eric Marth [College of William and Mary], Mark Thyrring [University of Virginia] (20 sec)
Laptop Theft - Adam Stackhouse [College of William and Mary] (1 min 1 sec)
Locks - Eric Marth [College of William and Mary], Mark Thyrring [University of Virginia] (32 sec)
Password Strength and Security - James Kulbacki [Cal Poly Pomona] (2 min 36 sec)
Phished Out - William Schoettler [University of Michigan] (3 min 8 sec)
Phishing for Kenny - Miguel Berg [University of Delaware] (2 min 56 sec)
Phishing - Would You Do That? - Alma Cole, Steven Hernandez, Clark Moresbach, Zack Zeigler [Idaho State University] (3 min 1 sec)
Sam Spam, Master Detective - Daniel Bruhn, Ben Simmons [Indiana University] (3 min 37 sec)
Vintage - Eric Marth [College of William and Mary], Mark Thyrring [University of Virginia] (1 min 22 sec)
Virus Software - Andrew Centafonte, Doug Standford, Jill Verillo, Lindsey Wilson [James Madison University] (30 sec)

Orientation materials

New Faculty and New Staff Orientation-FY2009
Full page slides handout
Notes pages handout
6-slides-per-page handout
New Student Orientations
Full page slides handout - Color (best for viewing)
Full page slides handout - Black and White (best for printing)
Notes pages handout
6-slides-per-page handout

UT System \ SANS Institute Training Opportunities

Discounted Training Available to Health Science Center Faculty and Staff

The University of Texas System Information Security Office has negotiated with the SANS Institute to provide low-cost online training to faculty and staff members across all University of Texas components, including the Health Science Center.

This training would normally cost between $400 and $3500, depending on the course. Our negotiated costs for the courses are either $225 or $500, with the exception of three of the highly technical courses which require more material and correspondingly higher prices. Our discounted prices represent savings as high as 86%.

These courses are online and self-paced, and each enrollee has four (4) months or ten (10) weeks to complete each purchased course, depending on the selected course. Besides the online course material, each student will receive all the books, CDs, and all other technical material that classroom-led students would receive. Class instructors and other SANS faculty are available by e-mail or telephone if students have any questions.

Several of the courses have associated professional certifications available for an additional cost; the prices for the certifications are 20% off the usual price.

[Click here] to see the course offerings and instructions for enrolling.

General Topics

Confidentiality Statement
Sending information in e-mail, both within the University and to the outside, is frequently considered ordinary and day-to-day. Periodically, though, information of a more sensitive nature must be communicated. When that happens, recipients should be made aware that the e-mail is out of the ordinary and should receive special handling. To this end, the Information Security Office and the University's Legal Office have worked together to develop a confidentiality statement that can be added to your e-mail to raise the recipient's awareness of the material in the message. We recommend that this statement be used prudently and only on messages where the statement truly applies. Overuse of the confidentiality statement could lead to the statement being ignored. A prime use of the statement would be when using the University's secure e-mail product.
Here is the text of the suggested confidentiality statement:
Confidentiality Notice: The information in this e-mail , including any attachments, may be confidential, privileged, or otherwise protected from disclosure. This e-mail is intended to be reviewed only by the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination, or copying of this e-mail and its attachments, if any, or the information contained herein is prohibited. If you have received this e-mail in error, please immediately notify the sender by return e-mail and delete this e-mail from your system. Thank you.

Unauthorized Peer-to-Peer (P2P) Software
Peer-to-peer software is not authorized for use on University computers or on the University network. This link is to a page with a large representative list of peer-to-peer products. The list is not intended to be comprehensive, just a sample.

May 29, 2009 - President Obama announces a U.S. cyber security plan
See the video presented by MSNBC. (16 min 31 sec) Read the Cyberspace Policy Review that lead to this decision.

Information Security Education, Training, and Awareness

Information Security
Education, Training, and Awareness