SANS: Core Education Series Module Descriptions

Core Education Series

The Core Education Series is intended to provide all employees with the training needed to be compliant with overall security awareness standards. The 15 modules in this series portray realistic, memorable scenarios that are transferable to everyday tasks, and the series can be completed in less than 50 minutes. Whether it is your first time participating in the Core Education Series or whether it is a refresher, we strongly encourage all staff and faculty members to complete this series so that everyone is well informed about best practices for maintaining information security.

Social Engineering 02:45

Many of today’s cyber attacks are based on social engineering. This module explains what social engineering is, how attackers fool people, and the most common indicators of an attack. It also demonstrates a real-world example of such an attack and how to detect and respond to it.

Passwords 03:29

Passwords are critical for information security. Employees learn why passwords are important and what makes a strong password, with an emphasis on passphrases. The module also covers how to protect and safely use passwords, including using different passwords, using password managers, and not sharing passwords with others.

Social Network 02:14

Social networking sites are a primary communication tool where people freely share information. This module provides examples of the risks of sharing information online and steps that employees can take to prevent identity theft, spreading malware, scams, and targeted attacks.

Data Security and Data Destruction 04:19

Note: This module is required for most of the compliance videos.

Organizations have a tremendous amount of sensitive information that they must take extra steps to protect. This module explains these steps, including using only authorized systems to store or process sensitive information, restrictions on transferring or sharing such information, and requirements for securely disposing of sensitive data.

Privacy 01:54

This module explains what privacy is, why it’s important (including respecting the privacy of others), and steps people should take to protect it. This module does not apply to any specific law, regulation, or standard. Instead, it is an overview of privacy concepts and their importance.

Personally Identifiable Information (PII) and Social Security Numbers 03:12

Prerequisite: Data Security and Data Destruction module.

This module explains what PII is and the extra steps employees must take to protect it and other types of confidential information. Examples include the use of encryption and personal email accounts, the sharing of sensitive information, using only authorized systems to store or process sensitive information, and securely disposing of sensitive data.

Health Insurance Portability and Accountability Act (HIPAA) 02:57

Prerequisite: Data Security and Data Destruction module.

This module explains what Protected Healthcare Information (PHI) is and covers the steps required to store, process, and use it. If your organization stores, transmits or processes any PHI, it is required to follow this standard.

Family Educational Rights and Privacy Act (FERPA) 04:32

Prerequisite: Data Security and Data Destruction module.

The Family Educational Rights and Privacy Act, also known as FERPA, is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. This module explains the rules and regulations all school faculty, staff, contractors, and student employees should follow when handling student information.

Malware 02:51

Malware is software that is used to perform malicious actions. This module explains what malware is and how it works, and it includes two examples: keyloggers and ransomware. The module also reviews misconceptions about malware, the importance of backups, and the need to report an infection as soon as it happens.

Working Remotely and Wi-Fi Security 02:40

For many organizations, employees no longer work at the office. Instead, they work from home or on the road while traveling. Since organizations no longer have physical control of people’s work environment, there are unique risks. This module focuses on how these employees can protect themselves, including laptop security and creating a secure, mobile working environment.

Red Flags Rule 03:28

The Red Flags Rule is a federal regulation that requires organizations to implement an Identity Theft Prevention program designed to detect the warning signs of identity theft. This module explains what these red flags are, what to look for, and the actions to be taken for data protection.

Targeted Attacks 03:55

Targeted attacks, such as spear phishing and CEO Fraud, involve extensive research on the target before the attack is launched. This module provides a real-world example of how a targeted attack works and how everyone in an organization can protect against such attacks.

Browsing Safely 02:14

Browsers are the primary tool people use to access the Internet. As a result, browsers and their plugins are a common target for attackers. In this module employees learn how to browse safely, including keeping the browser and plugins updated, using HTTPS, and scanning what they download.

Email, Phishing, and Messaging 03:38

Phishing attacks are one of the most common methods cyber attackers use to target organizations. This module explains what phishing is, the different ways a phishing attack can work, and how to detect and stop them. In addition, we cover how to use email securely, such as ensuring you are always emailing the correct person.

Mobile Device Security 02:52

Mobile devices today have the same functionality, complexity, and risks as a computer, but with the additional risk of being highly mobile and easy to lose. This module teaches how to keep mobile devices safe and secure, including using strong passcodes and keeping the device updated.

Updated: 4/11/2017