Skip Navigation

Employee Training Schedule & Standards

OU Information Technology, The University of Oklahoma website wordmark

For Raising Buttons on Subpages

Skip Side Navigation
Cyber security students reviewing laptop with Aaron Baillio

Human Firewall Training for Employees

The Cyber Security Training, Education, & Awareness (CSX TEA) program engages all users to focus attention on security and help build relevant cyber security skills. OUIT CSX TEA aims to educate the University community about security best practices and to help end users understand security risks, policies and compliance, mitigation strategies, and data protection. 

Employee Human Firewall Training

In October 2020 the Smart Phishing & Training program launched for staff. To learn more about the Human Firewall Training Program at OU, review our Human Firewall page.

Log in to Your KnowBe4 Account

We partnered with Human Resources to provide new employees, on all campuses, awareness presentations, phishing simulations, and training courses through KnowBe4.

Complete Your NEO Training with KnowBe4

We can work with your department to conduct internal phishing assessments to determine risk and training needs.

Submit a ticket to request training

HSC Employees- Additional Required Standards

In addition to Human Firewall training, HSC employees must follow the required standards listed below.

All portable computing devices (PCDs) used for University Business must be encrypted per the Portable Computing Device Security Policy. New purchases of USB/Flash/Thumb drives and external hard drives must be hardware-based FIPS 140-2 Level 2 Validated AND 256-bit Advanced Encryption Standard (AES). Military-Grade FIPS PUB 197 Validated does NOT meet the minimum requirement. The drives listed below have been approved by IT Security to be used for University Business.

Encrypted USB/Flash/Thumb Drives

  1. Aegis Secure Key 2.0
  2. Aegis Secure Key 3.0
  3. Aegis Secure Key 3z
  4. IronKey D300 (Standard Model Only)
  5. IronKey S1000 (Basic Model Only)


Encrypted External Hard Drives

Aegis offers several varieties of 256-bit AES external hard drives. (All are NOT FIPS 140-2 Level 2 Validated). Models listed below meet both requirements.

  1. Aegis Fortress 3.0
  2. Aegis Padlock DT FIPS 3.0


Previously purchased USB drives must meet the following requirements:

  • Hardware-based FIPS 140-2 Level 2 Validated AND 256-bit Advanced Encryption Standard (AES)


  • Drives should be compatible with Dell Data Protection (DDP) or McAfee File and Folder encryption software
  • Drives must be 3TB or less
  • Drives must encrypt 100 percent of all stored data
  • Drives must not allow removal of encryption software
  • Drive password rules should comply with Password Complexity requirements per the Password Management Policy

Please contact your local computer support group or the IT Technology Sales office for information on how to purchase encrypted USB drives.

Individuals should attempt to stop any IT incident as it occurs. All suspected information security incidents must be reported promptly. To learn more about what counts as an incident and what to do during an incident, please review the Security Incident help article.

Submit Incident Report

The Information Security Risk Assessment Process is intended to assist Business Units with understanding the technology risks associated with technology-related products and services. Requesting an Information Security Risk Assessment early in the process will help avoid delays later.

Information Security Risk Assessment Policy
All information system resources receiving, storing, and/or transmitting University data must have a Product Review completed by OUHSC IT to identify risks and necessary regulatory controls.  Information Security Risk Assessment Policy

This policy applies to:

  • Implementation of a new or upgraded multi-user Information System
  • Solutions requiring an interface to an existing Information System
  • Contracting with a third-party service for software or technology service
  • Implementing a solution interacting with regulated data (ePHI, PCI, FERPA, PII)
  • Software not covered by OUHSC Site or Volume licenses
  • Multi-function or Network Printers
  • Purchase of servers and network equipment
  • Purchase of digital signage and classroom audio/visual equipment not maintained by Academic Technology
  • Purchase of cloud, networked or removable storage
  • Medical/Research Devices
  • Software not covered by OUHSC Site or Volume licenses

This policy does not apply to:

  • Desktops and laptops
  • Computer accessories, peripherals, and supplies
  • DVDs, CDs, and videotapes
  • Software covered by OUHSC Site or Volume licenses
  • Desktop (non-networked) printers and toner cartridges
  • Backup tapes
  • Camcorders, digital cameras, DVD players
  • Non-networked Smart TVs
  • Smart Phones
  • Headsets
  • Keyboards
  • Microphones
  • Wired or Wireless Mouse
  • Power Cords/Adapters
  • Presenter pointer/clicker
  • Projector accessories
  • UPS Power Supply, battery backup
  • Webcams

A Security Risk Assessment includes assessments and reviews for external compliance standards such as NIST, HIPAA, PCI, GDPR, and FERPA or more general guidelines from the Center for Internet Security. Reviews covering compliance and internal policies and best practices are also available. Assessments include what tools and services OU IT can leverage, such as sensitive data storage options.

Learn More & Request Consultation

Alerts & Recommendations