Security Awareness Education at ECU

Summary

All ECU users are responsible for the information in their care. See these opportunities to help you meet this important goal.

Body

Required Information Security Training for all Employees

Per the Information Security Regulation, all ECU employees are required to complete information security awareness training within 30 days of employment and university-designated refresher training at least once every two years. The official university-designated information security training course, Employee Best Practices in Information Security Training, is available online through Cornerstone.

Information Security Training for Managers and Supervisors

Some employees are most receptive to guidance when it is delivered by those with direct authority over their work and priorities. To help supervisors give effective and accurate guidance to employees, an information security course designed for managers and supervisors is also offered. This course, Information Security Best Practices for ECU Management: Protecting the Information in Your Care, is available online in Cornerstone and is designed to complement our general security awareness training. It is aligned with content presented in the security manual, Best Practices in Information Security for Administrative Heads.

Information Security Best Practices Manuals

ITCS publishes three security manuals designed to guide ECU employees in fulfilling their responsibilities for protecting the information in their care. The three manuals, aligned with ISO 27002 controls (the university's standard and framework for campus-wide security), cover guidelines for three different audiences: one manual for all university employees, another for managers and supervisors, and a third for IT support staff. Each best practice presented is accompanied by a statement of roles and responsibilities, an activities list and a link to the relevant security standard.

Training for HIPAA, GDPR, PCI, FERPA and Other Topics

In addition to the information security awareness courses described above, ECU offers training on several specialized security-related topics, including HIPAA privacy and security, GDPR, FERPA, PCI compliance and others.

| Training course | Mode of Instruction | Registration |
| --- | --- | --- |
| Employee Best Practices in Information Security Training (Developed by Information Technology and Computing Services (ITCS)) | Online | Cornerstone |
| FERPA Training and Quiz (Developed by the Office of the Registrar) | Online | PiratePort |
| GDPR Compliance: Essential Training (Offered by LinkedIn Learning) | Online | Cornerstone |
| Gramm-Leach-Bliley Act (GLBA) (Content from InfoSec IQ) | Online | Cornerstone |
| HIPAA Privacy Training (Offered by the Office of Institutional Integrity) | Online | Cornerstone |
| HIPAA Security Training (Offered by the Office of Institutional Integrity) | Online | Cornerstone |
| Information Security Best Practices for ECU Management: Protecting the Information in Your Care (Developed by Information Technology and Computing Services (ITCS)) | Online | Cornerstone |
| Learning GDPR (Offered by LinkedIn Learning) | Online | Cornerstone |
| Learning Secure Payments and PCI (Offered by LinkedIn Learning). Note: This course does NOT satisfy the annual PCI training requirement. See the next entry. | Online | Cornerstone |
| PCI Security Awareness Training | Employees with PCI security responsibilities are required annually to complete online training and attest to receipt of PCI compliance documentation | Contact Robin Mayo, Business Systems Analyst, Systems Coordination Department |

 

Details

Article ID: 67574
Created: Wed 9/30/20 3:58 PM
Modified: Thu 3/28/24 8:34 AM
Service Owner: Information Security