Security Awareness Training – Verification and Frequently Asked Questions
Doug McCarthy, Unit Information Security Officer, [email protected]
If you have reached this page, it’s probably because you received a piece of e-mail with a Subject line of “Welcome to your UIC Security Awareness Training” sent out in the December 2017 timeframe.
Thanks for checking on its legitimacy by coming here!
This email is legitimate.
The training URL in it goes to https://uic.securingthehuman.org/ , which is hosted by an external company ACCC has engaged to give security awareness training to the UIC campus.
Frequently Asked Questions
Q. How do I know that this web page is legitimate?
A. Good question. Look up at the address bar of this web page. It should begin with “https://medicine.uic.edu” or “https://medicine.uic.edu/”. This is your guarantee that this site is hosted at UIC, and that it’s trustworthy.
Q. What can I expect from this Security Awareness Training course?
A. This training is a series of short modules, most less than 4 minutes long, that should take you no more than one hour to complete. The training doesn’t have to be completed all in one sitting. The training itself is about aspects of information security that Federal law requires every employee of the College of Medicine to take. When you are done, you will have a decent knowledge of information security issues, ways to detect problems, and steps to take to protect yourself and your data.
Q. Why is it being offered?
A. Security awareness training is required by Section SA.1 of the UIC IT Security Program. The training must be administered at least biennially. To help units satisfy the requirement, ACCC provides SANS Securing the Human security awareness training for colleges to use.
Q. I have already taken HIPAA training. Do I have to take this course as well?
A. Training which specifically covers HIPAA issues is different than this course, which covers general security issues. You still have to take this training.
Q. I don’t handle protected health information, or any confidential or high-risk data, as part of my job. Do I still have to take the training?
A. As an employee of UIC, you are required to take this training. It covers many relevant security topics, like setting passwords, social engineering, and physical security. It’s good information to have, whether you deal with confidential data or not.
Q. What is the penalty for not completing it?
A. Reports are sent to your department’s administrator at various times throughout the training window, and after the deadline has passed. Your department head will be in charge of deciding the appropriate response to non-compliance. Units that ignore the requirement may be able to escape notice for a period of time, but it will catch up with them eventually either in the UISO Annual Report, a finding by University Audits, or a security event in the unit that could have been prevented by appropriate training.
Q. The videos aren’t playing for me.
A. Some browsers display the videos better than others. If you are having trouble when you use your favorite browser, please try using Firefox instead.
Also, people have had difficulty in the past getting the videos to work from the Hospital or Mile Square networks. I suggest taking the training from a computer that is not on the Hospital or Mile Square networks.
Q. I completed a module, but the system isn’t reporting that I completed it. How do I get credit for completing it?
A. Most modules require you to answer some questions in order to get credit for completing them. There are two kinds of modules: interactive and non-interactive.
To satisfactorily complete interactive modules, make sure that you click on the check mark in the green circle at the end of the interactive section.
To satisfactorily complete non-interactive modules, make sure that you compete the multiple-choice questions at the end of the module.
Q. How can I prove to management that I have completed the training?
A. When you are finished, the system will automatically send you an email with instructions on how to receive a certificate of completion. You can print out an extra one and present it to your manager if you wish. In addition, a list of department members along with their completion status will be sent to the admins of each department on a regular basis throughout the training period, and after the deadline passes.