The ITS Security team, a division of Information Technology Services (ITS), serves as the primary content manager for the ITS-05 Standard for Security Awareness and Training at the University of Nebraska. ITS-05 outlines the following three general categories:
- NU Annual Information Security Fundamentals - Faculty/Staff Bridge course. The course provides required user level cybersecurity education for every faculty and staff employee.
- Supplemental Awareness Initiatives - Phishing Simulations.
- Role-Based Training - Development available upon request.
Additionally, ITS Security offers free, online, and optional cybersecurity training content for faculty, staff, and student workers through the Bridge Learning Management System.
Benefits & Features
All all University of Nebraska employees are required to complete the NU Annual Information Security Fundamentals - Faculty/Staff Bridge Course. The course emphasizes knowledge in the following areas:
- Understanding Security Policy
- Protecting Your Identity
- Protecting Your Endpoint
- Procuring Technology
- Contacting ITS Support
This important training will help you keep your computers, accounts, and data, secure.
Additional optional training courses available through the learning library include data protection and destruction, phishing, mobile device security, USB device safety, malware and ransomware, safe web browsing, PCI DSS, and other content. All training is maintained within the Bridge LMS education platform. You can access Bridge by clicking the "Access Training" link on this page.
The Security Awareness & Training Program established the following goals for user education:
- Executive Memorandum 16
- Incident reporting procedures
- Password usage and management
- Unknown email attachments
- Social engineering, phishing, and spoofed emails
- Mobile device security
- Physical security and visitor control
- Social media use
- Data classifications and safe handling
- Secure work areas and traveling tips
- Legal requirements and regulations
- Implications of non-compliance with security policies
- Recognizing and reporting of potential insider threats
NU's Supplemental Awareness Initiatives (commonly referred to as NU phishing campaigns) are designed to measure and accomplish three goals:
- Reduce Risk of Account Compromise
- Increase Reporting & User Awareness
- Improve the Human Element of Detection
All phishing campaigns are non-punitive and the data is anonymous. Campaigns target very broad populations by campus and are never individually targeted. Participants will receive immediate feedback for accurate detection or a supplemental training message for inaccurate detection and interaction.
The requirement to complete the NU Annual Information Security Fundamentals course applies to all faculty, staff, and student workers.
Supplemental Awareness Initiatives include all employees and active students of the university who have been granted an email address.
The following groups are excluded from supplemental awareness initiatives:
- University Alumni
- University Police Departments
- Husker Athletics
- NU Contractors / Third Party Service Providers
There is no charge for this service, which is considered a common-good service.