ITS transforms Carolina’s security awareness training
The University’s security awareness training has received a complete transformation this year. Led by the Information Security Office at Information Technology Services, the training educates ITS employees on the importance of securing campus data. Soon, other campus groups can access it.
“Introducing new awareness training has been a top-down effort,” said Charlie Mewshaw, IT Security Specialist with the Information Security Office.
Training evolves as data security changes
Information security is vital in protecting sensitive campus data, and the security awareness training seeks to educate individuals on the importance of protecting their — as well as the University’s — data. But data security changes, and educational training evolves along with it.
“It had been several years since the last revision, so to say that the content is a full refresh is accurate,” Mewshaw said.
Changes to the training reflected the evolving security landscape and the new resources that the University offers to combat data security threats. The Information Security Office is constantly visiting ways to improve the security awareness training.
Seeking feedback on training
“We are actively soliciting feedback on the training in hopes of continual improvement opportunities and intend to revisit the training on an annual basis,” Mewshaw said.
The security awareness training is designed as a module that contains a downloadable slideshow, It touches on subjects such as how to identify sensitive information, how to report an information security incident, and tips for protecting sensitive information. The module is followed by a quiz that reinforces learned content.
Incorporated ‘real life’ content
“ISO took the user experience into consideration when creating this module and focused on practical, ‘real life’ content that users can benefit from immediately,” Mewshaw said.
Soon, the training will be accessible for all University faculty, staff and students. The rollout will be meticulous and calculated.
Seeing the value
“The ISO is taking lessons learned from similar trainings on other topics and is making every effort to ensure that users see the value in the training,” Mewshaw said.
Individuals, particularly students, find mandatory training of any kind insignificant. But the University’s data is not the only information that requires protection.
“By completing this training, students will obtain the tools needed to protect both their own and the University’s data, which is a pretty great benefit,” Mewshaw said.
“The balancing act as a security office is protecting University data while minimizing impact to the University’s education and research goals,” he said.
By providing training that evolves alongside data security, the Information Security Office provides a vital, non-invasive resource to the campus community, protecting its members’ valuable data.