Security Awareness Training and Education
What is SATE?
Security Awareness Training and Education is an ongoing process of educating our network users on potential risks or security concerns. SATE has three components:
- Awareness is basic and concise information on a general security topic. Awareness is for everyone and is very important. If an employee is not aware of a security risk, they will not be able to spot or prevent that risk. The SecureUGA web site, and this web site are good examples of Awareness tools.
- Training is more in depth knowledge about specific security concerns. Employees who rely on parts of the UGA network to perform their job need to be trained about the risks that may affect their work environment. Infosec provides several training classes each semester, listed below.
- Education is an ongoing enrichment of deep knowledge regarding areas of expertise. IT Directors and Executives need to be educated on the risks their departments may encounter. Likewise, project leaders, specialists, and principle level employees should seek continuing education in their fields to keep their skills sharp. UGA periodically offers SANS Partnership and IVC courses to help educate our employees on specific security topics.
Awareness at UGA
One of our most effective awareness tools has been SecureUGA, part of the Securing Sensitive Data Initiative. Additional awareness topics can be found on this site, under Awareness on the left side menu. Keeping up to date on security awareness can be as simple as regularly visiting computer or security news web sites, like Slashdot or CNet. Topics presented on SecureUGA include:
- Your Role in SecureUGA
- Security in the Workplace
- What is Sensitive Data?
- Securing Portable Electronic Devices
- Password Security
- Identity Theft & Fraud
- Electronic Virus Protection
- Copyright and Fair Use
- Email and Web Security
- Online Personalities and Avatars
Training at UGA
Infosec provides several training opportunities at Staff Training & Development at the main Athens campus. These courses are typically 1-2 hours long and are available for free to all UGA employees. Many of these classes are also available online through EITS OnDemand, a distance learning and archived training service. The following are the courses offered during the 2008 fall semester. Please view the Training & Development Web site for the latest course listing.
Please click on the class title to view the archive, if available. You will need to minimize, and then restore the Content Window (popup) in order to display the presentation properly
| Infosec@UGA: What can Infosec do for you? | | PPT | ||
| Identity Theft: Protecting your good name | | PPT | ||
| User Security: Stay safe on the 'net | | PPT | ||
| Campus IT Vulnerability Management with Rapid7's NeXpose | | Archive | | PPT | |
| Incident Response | | Archive | | PPT | |
| Risk Management | | Archive | | PPT | |
| Web Application Security | | Archive | | PPT | |
| Web Application Penetration Testing | | Archive | | PPT | |
| CAN the SSN! | | Archive | | PPT | |
| Windows Server Security | | Archive | | PPT | | Handout |
Education at UGA
Education opportunities available to UGA employees primarily include regional conferences, week long training seminars, and national certifications. Educause, Tech-Ed, and SANS are examples of good education opportunities. These conferences often require travel and registration, which can be expensive. If your role could be greatly enhanced by courses offered at one of these conferences, ask your boss about your department's training budget to see if attendance is an option.
Additional Resources
- Awareness on SecureUGA
- ElementK - button along the top once logged in to MyUGA
- SANS Partnership
- SANS Ouch! - a well written newsletter for user security
- SANS Internet Storm Center - Learn about the latest IT Security news
- Educause IT Security Guide - IT topics across Higher Ed
- Educause Security Awareness
- REN-ISAC - National IT Security discussion and early warnings for Higher Ed
- ZDNet
- Wired
