Summary and Resources
Course Credit & Download page as a PDF
Download this page as a PDF for quick reference. For course credit, look for the "Feedback and Credit" button at the bottom of the page or go to our Credit SEC 0201 page now.
Your Cyber Security Responsibility and Requirements
You're responsible for the cyber security of computers and devices that you use or manage - plus the information that is stored on them. Make sure that you meet our Minimum Security Requirements. Don't hesitate to contact your line manager, Computer Security Liaison (password protected), or Cyber Security Operations at email@example.com.
Top threats: What to do and what not to do
Loss of PII
- If you see Personally Identifiable Information (PII) anywhere it does not belong, report it to firstname.lastname@example.org
- If you wish to report PII and remain anonymous, we can support that request
- If you work with PII, review our Protected Information Requirements
- If you are involved in any process that may involve PII, contact email@example.com and we'll help you develop the best controls and security
- Definition of PII: Social Security Number, Driver's License #, Financial Account Data, Individual identifier PLUS any type of health information
- Do not store PII on your computer, external hard drives, or mapped drives such as H:, T:, or V:
- Do not email PII.
- Do not store PII outside of HRIS or FMS, the institutional systems for human resources and financial data.
- Do not store paper collections of PII unless approved by Cyber Security Operations.
Spam and Phishing Attacks
- Report targeted spam or phishing to firstname.lastname@example.org
- For normal spam or phishing (not targeted), use your email client to flag it as spam
- Verify web and email addresses (e.g. make sure it's a .gov, not .com)
- Be wary of vague messages or references to new or unknown projects
- When viewing an email think, "could this be an attack?"
- Do not open attachments you are not expecting
- Do not click on links in emails you are not expecting
- Do not provide your username or password or any other account information via email
- Do not download a file that ends in .exe
- Check your browser plugins using go.lbl.gov/browsercheck
- PCs & Macs: Install BigFix on your work computer
- Set up auto updates for your operating system and applications when possible
- Install Antivirus software. Sophos is available for Berkeley Lab and home usage at software.lbl.gov
- Do not use Internet Explorer, except when required for business applications like FMS
- Do not ignore update notifications from your OS, browser, and third parties like Adobe
- Do not use old browser versions
Throughout the course, we mention a variety of tools - here they are, all in one place. You can also visit the Cyber Security website for more information and resources.
| Privacy and Protected Information Training | This training is required for employees that use or access PII. However, all employees are welcome to take it. | Protected Information Training (SEC 0220) |
| Social Engineering | Spam and phishing rely on "social engineering" to trick you into clicking on that link or opening that bad attachment. You can read more about social engineering, including other methods, e.g. telephone, media (CDs, DVDs, USB sticks), and the web. | Social Engineering - More Examples |
| Advanced training on Targeted Phishing | In order to raise awareness of current phishing scam tactics, the Berkeley Lab Cyber Security team sends emails to Berkeley Lab employees that simulate real phishing attacks. | Sign up to receive Simulated Phishing |
Policies & Procedures
You can read more about all cyber-related RPM policies and procedures at our IT policy page.