
Human Firewall Training for Employees
The Cyber Security Training, Education, & Awareness (CSX TEA) program engages all users to focus attention on security and help build relevant cyber security skills. OUIT CSX TEA aims to educate the University community about security best practices and to help end users understand security risks, policies and compliance, mitigation strategies, and data protection.
Employee Human Firewall Training
In October 2020 the Smart Phishing & Training program launched for staff. To learn more about the Human Firewall Training Program at OU, review our Human Firewall page.
We partnered with Human Resources to provide new employees, on all campuses, awareness presentations, phishing simulations, and training courses through KnowBe4.
We can work with your department to conduct internal phishing assessments to determine risk and training needs.
HSC Employees: Additional Required Standards
In addition to Human Firewall training, HSC employees must follow the required standards listed below.
All portable computing devices (PCDs) used for University Business must be encrypted per the Portable Computing Device Security Policy. New purchases of USB/Flash/Thumb drives and external hard drives must be hardware-based FIPS 140-2 Level 2 Validated AND 256-bit Advanced Encryption Standard (AES). Military-Grade FIPS PUB 197 Validated does NOT meet the minimum requirement. The drives listed below have been approved by IT Security to be used for University Business.
Encrypted USB/Flash/Thumb Drives
- Aegis Secure Key 2.0
- Aegis Secure Key 3.0
- Aegis Secure Key 3z
- IronKey D300 (Standard Model Only)
- IronKey S1000 (Basic Model Only)
Encrypted External Hard Drives
Aegis offers several varieties of 256-bit AES external hard drives, but not all of them are FIPS 140-2 Level 2 Validated. The models listed below meet both requirements.
- Aegis Fortress 3.0
  - Part # A25-3PL256-xxxxF (xxxx = drive size in GB)
  - https://www.apricorn.com/fortress
- Aegis Padlock DT FIPS 3.0
  - Part # ADT-3PL256F-xxxx (xxxx = drive size in GB)
  - https://www.apricorn.com/aegis-padlock-dt-fips
Previously purchased USB drives must meet the following requirements:
- Hardware-based FIPS 140-2 Level 2 Validated AND 256-bit Advanced Encryption Standard (AES)
OR
- Drives should be compatible with Dell Data Protection (DDP) or McAfee File and Folder encryption software
- Drives must be 3TB or less
- Drives must encrypt 100 percent of all stored data
- Drives must not allow removal of encryption software
- Drive password rules should comply with Password Complexity requirements per the Password Management Policy
Please contact your local computer support group or the IT Technology Sales office for information on how to purchase encrypted USB drives.
Individuals should attempt to stop any IT incident as it occurs. All suspected information security incidents must be reported promptly. To learn more about what counts as an incident and what to do during an incident, please review the Security Incident help article.
The Information Security Risk Assessment Process is intended to assist Business Units with understanding the technology risks associated with technology-related products and services. Requesting an Information Security Risk Assessment early in the process will help avoid delays later.
Information Security Risk Assessment Policy
All information system resources receiving, storing, and/or transmitting University data must have a Product Review completed by OUHSC IT to identify risks and necessary regulatory controls.
This policy applies to:
- Implementation of a new or upgraded multi-user Information System
- Solutions requiring an interface to an existing Information System
- Contracting with a third-party service for software or technology service
- Implementing a solution interacting with regulated data (ePHI, PCI, FERPA, PII)
- Software not covered by OUHSC Site or Volume licenses
- Multi-function or Network Printers
- Purchase of servers and network equipment
- Purchase of digital signage and classroom audio/visual equipment not maintained by Academic Technology
- Purchase of cloud, networked or removable storage
- Medical/Research Devices
This policy does not apply to:
- Desktops and laptops
- Computer accessories, peripherals, and supplies
- DVDs, CDs, and videotapes
- Software covered by OUHSC Site or Volume licenses
- Desktop (non-networked) printers and toner cartridges
- Backup tapes
- Camcorders, digital cameras, DVD players
- Non-networked Smart TVs
- Smart Phones
- Headsets
- Keyboards
- Microphones
- Wired or Wireless Mouse
- Power Cords/Adapters
- Presenter pointer/clicker
- Projector accessories
- UPS Power Supply, battery backup
- Webcams
A Security Risk Assessment includes assessments and reviews for external compliance standards such as NIST, HIPAA, PCI, GDPR, and FERPA, or for more general guidelines from the Center for Internet Security. Reviews covering compliance, internal policies, and best practices are also available. Assessments also cover which tools and services OU IT can leverage, such as sensitive data storage options.
Alerts & Recommendations
- CISA: Cybersecurity & Infrastructure Security Agency (Partners with FBI)
- FBI: Federal Bureau of Investigation Cybersecurity
- National Cybersecurity Alliance
- InfoSecurity Magazine