CU: Information Security Awareness

Duration: 30 minutes

Languages: English, Spanish

Overview: This course covers essential security principles related to data management at CU:

  • How to report a suspected or actual security incident.
  • Your responsibility when managing sensitive university data.
  • Recognizing phishing scams through practical examples.
  • Key features of a strong password.
  • The importance of multi-factor authentication.
  • Indicators of possible insider threat.

The course was updated September, 2024. 

Audience:  All CU employees must complete the training within the first 60 days of employment and every two years thereafter. Learn more about this requirement. 

Access to the course 

CU: Information Security for IT Service Providers

Duration: 40 minutes

Overview

  • Provides an overview of security practices and policies for IT services providers.
  • Has a target audience that includes employees, students, contractors, and POIs who serve as programmers, server/workstation support, account administrators, webmasters, and others.
  • Covers policy, security management, access management, physical and environmental security, and incident detection and reporting.
  • Includes a 10-question quiz that learners must pass with 100% to receive credit.
  • Requires learners to acknowledge they will uphold confidentiality and agree to access information only as required for authorized tasks.

OIS recommends that departments establish this training as a required course for those within the targeted audience. (The course is updated annually.)

Audience: An IT Service Provider (ITSP) is any person that designs, builds, implements, supports, or provides an IT service to university departments or individuals. ITSPs include website administrators, workstation support staff, server administrators, software programmers, application developers, data network technicians, user account administrators, computer center personnel, and more.

Access to the course 

CU: Controlled Unclassified Information (CUI)

Duration: 40 minutes

Overview: Controlled Unclassified Information (CUI) is unclassified but sensitive information relating to the interests of the U.S. government. Upon completion, you will be able to:

  • Identify security risks to CUI
  • Prevent improper access to or use of CUI
  • Mark CUI according to regulations
  • Report incidents that put CUI at risk
  • Find resources for additional information on CUI

Audience: As a member of a research team working with CUI, you are responsible for keeping it safe from unauthorized access and release. This course is required for all who generate or use data that has been designated as CUI, including:

  • Principal Investigators (PIs)
  • Faculty, staff, or students
  • External contractors

Access to the course 

CU: IT Security PCI DSS v4

Duration: 45 minutes

Overview: This course identifies the major changes from version 2 to version 3 of the Payment Card Industry Data Security Standard (PCI DSS). Four important guidelines are covered:

  • Version changes to the PCI Data Security Standard
  • Building a security-minded culture
  • Scoping the cardholder data environment
  • Completing a Self-Assessment Questionnaire

Audience: The target audience is current Campus Merchants and their IT staff; general PCI system users such as: accountants, ticket sellers, and cashiers who work with PCI security compliance.

Access to the course 

CU: HIPAA Regulations

Duration: 30 minutes

Overview: This course covers the basics of HIPAA privacy and security for CU System Administration.

Audience: All CU System Administration employees who use HIPAA-protected information are required to take this course.

Access to the course