All ECU users are responsible for the information in their care. See these opportunities to help you meet this important goal.
Required Information Security Training for all Employees
Per the Information Security Regulation, all ECU employees are required to complete information security awareness training within 30 days of employment and university-designated refresher training at least once every two years. The official university-designated information security training course, Employee Best Practices in Information Security Training, is available online through Cornerstone.
Information Security Training for Managers and Supervisors
Some employees are most receptive to guidance when that information is delivered by those with direct authority over their work and priorities. To help supervisors with giving effective and accurate guidance to employees, an information security course designed for managers and supervisors is also offered. This course, Information Security Best Practices for ECU Management: Protecting the Information in Your Care, is available online in Cornerstone and is designed to complement our general security awareness training. This course is aligned with content presented in the security manual, Best Practices in Information Security for Administrative Heads.
Information Security Best Practices Manuals
ITCS publishes three security manuals designed to provide guidance to ECU employees in fulfilling responsibilities for protecting the information in their care. The three manuals, aligned with ISO 27002 controls (the university's standard and framework for campus-wide security), cover guidelines pertinent for three different audiences, one manual for all university employees, another for managers and supervisors and a third for IT support staff. Each best practice presented is accompanied by a statement of roles and responsibilities, an activities list and a link to the relevant security standard.
Training for HIPAA, GDPR, PCI, FERPA and Other Topics
In addition to the information security awareness courses described above, also offered at ECU are training opportunities related to several security-related specialized topics, including HIPAA privacy and security, GDPR FERPA and PCI compliance and others.
| Training course |
Mode of Instruction |
Registration |
| Employee Best Practices in Information Security Training |
Online |
Cornerstone
Developed by Information Technology and Computing Services (ITCS) |
| FERPA Training and Quiz |
Online |
PiratePort
Developed by the Office of the Registrar |
| GDPR Compliance: Essential Training |
Online |
Cornerstone
Offered by LinkedIn Learning |
| Gramm-Leach-Bliley Act (GLBA) |
Online |
Cornerstone
Content from InfoSec IQ |
| HIPAA Privacy Training |
Online |
Cornerstone
Offered by the Office of Institutional Integrity |
| HIPAA Security Training |
Online |
Cornerstone
Offered by the Office of Institutional Integrity |
| Information Security Best Practices for ECU Management: Protecting the Information in Your Care |
Online |
Cornerstone
Developed by Information Technology and Computing Services (ITCS) |
| Learning GDPR |
Online |
Cornerstone
Offered by LinkedIn Learning |
Learning Secure Payments and PCI
Note: This course does NOT satisfy the annual PCI training requirement. See the next entry. |
Online |
Cornerstone
Offered by LinkedIn Learning |
| PCI Security Awareness Training |
Employees with PCI security responsibilities are required annually to complete online training, and attest to receipt of PCI compliance documentation |
Contact Robin Mayo, Business systems Analyst, Systems Coordination Department |