SANS Securing The Human Security Training

Overview

Securing The Human - End User Awareness training (STH) provides extensive employee security awareness training that targets today's weakest link in enterprise security - the human. STH goes beyond just compliance and addresses the most common risks using a proven framework based on the 20 Critical Security Controls. The program contains 24 awareness modules and 19 compliance modules. Each module includes an online assessment. STH awareness training addresses numerous standards including PCI DSS, HIPAA, FISMA, ITAR, ISO 27001, and FERPA.

Though this training is not mandatory, Information Security strongly recommends participation because the modules contain valuable information. The training modules are outlined below.

A complete list of SANS Securing The Human Training Modules can be found here.

Are you interested in enrolling your department employees to receive this voluntary training? If so, please contact ISEC at 898-3247.

*Only CSU, Chico Staff, Faculty, and Student Employees can access these trainings*

Security Awareness Modules for Faculty (Recommended Courses)

Social Engineering (03:11)

Many of today’s most common cyber-attacks are based on social engineering. As such, this module explains what social engineering is, how attackers fool people and what to look out for. We then demonstrate a common social engineering attack. We finish with how people can detect these attacks and how to respond to them.

Email & Messaging (04:21)

One of the primary means of hacking people is through email. Email is used for both simple, large-scale attacks and more targeted spearphishing attacks. We explain how these attacks work, including recent examples of phishing, spearphishing, malicious attachments and other email-based attacks. We then explain how these types of attacks work for almost any type of messaging technology. We then explain how to detect and stop these attacks.

FERPA (04:33)

The Family Educational Rights and Privacy Act, also known as FERPA, is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. This module explains the rules and regulations all school faculty, staff, contractors and student employees should follow when handling student information. This module builds on the Data Security module and requires people to watch it first.


Security Awareness Modules for Staff (Recommended Courses)

Social Engineering (03:11)

Many of today’s most common cyber-attacks are based on social engineering. As such, this module explains what social engineering is, how attackers fool people and what to look out for. We then demonstrate a common social engineering attack. We finish with how people can detect these attacks and how to respond to them.

Email & Messaging (04:21)

One of the primary means of hacking people is through email. Email is used for both simple, large-scale attacks and more targeted spearphishing attacks. We explain how these attacks work, including recent examples of phishing, spearphishing, malicious attachments and other email-based attacks. We then explain how these types of attacks work for almost any type of messaging technology. We then explain how to detect and stop these attacks.

Mobile Device Security (02:51)

Today’s mobile devices, including tablets and smartphones, are extremely powerful. However, they also come with a growing number of risks. In most cases, these devices have the same functionality, complexity and risks as a computer, but with the additional risk of being highly mobile and easy to lose. We cover how to use mobile devices safely and how to protect the data on them.


Security Awareness Modules for Administrators (Recommended Courses)

Email and Messaging (04:21)

One of the primary means of hacking people is through email. Email is used for both simple, large-scale attacks and more targeted spearphishing attacks. We explain how these attacks work, including recent examples of phishing, spearphishing, malicious attachments and other email-based attacks. We then explain how these types of attacks work for almost any type of messaging technology. We then explain how to detect and stop these attacks.

Senior Leadership (04:31)

Senior management is often one of the most challenging groups to train due to their limited time and access. This module condenses all the key topics senior management needs to know in a single, high-impact training session.

International Travel (02:14)

This module explains the data protection risks of international travel and the steps users can take to mitigate them.


Payment Card Industry Data Security Standard (PCI DSS) Compliance

Credit Card Acceptance (PCI DSS)

Module 022: PCI DSS. If your organization stores, transmits or processes any cardholder data, it is required to follow PCI DSS. This module teaches what cardholder data is and the required steps for protecting and safely handling it. This module requires users to watch the Data Security module first.