Skip to end of metadata
Go to start of metadata

Summary and Resources

Course Credit & Download page as a PDF

Download this page as a PDF for quick reference. For course credit, look for the "Feedback and Credit" button at the bottom of the page or go to our Credit SEC 0201 page now.

Your Cyber Security Responsibility and Requirements

You're responsible for the cyber security of computers and devices that you use or manage - plus the information that is stored on them. Make sure that you meet our  Minimum Security Requirements. Don't hesitate to contact your line manager, Computer Security Liaision (password protected), or Cyber Security Operations at security@lbl.gov.

Top threats: What to do and what not to do

Top Threats

Do

Do not

Loss of PII

  • If you see Personally Identifiable Information (PII) anywhere it does not belong, report it to security@lbl.gov
    • If you wish to report PII and remain anonymous, we can support that request
  • If you work with PII, review our Protected Information Requirements 
  • If you are involved in any process that may involve PII, contact security@lbl.gov and we'll help you develop the best controls and security
  • Definition of PII: Social Security Number, Driver's License #, Financial Account Data, Individual identifier PLUS any type of health information
  • Do not store PII on your computer, external hard drives, or mapped drives such as H: T: or V:
  • Do not email PII.
  • Do not store PII outside of HRIS or FMS, the institutional systems for human resources and financial data.
  • Do not store paper collection of PII unless approved by Cyber Security Operations.

Spam and Phishing Attacks

  • Report targeted spam or phishing to security@lbl.gov
  • For normal spam or phishing (not targeted), use your email client to flag it as spam
  • Verify web and email addresses (e.g. make sure it's a .gov, not .com)
  • Be wary of vague messages or references to new or unknown projects
  • When viewing an email think, "could this be an attack?"
  • Do not open attachments you are not expecting
  • Do not click on links in emails you are not expecting
  • Do not provide your username or password or any other account information via email
  • Do not download a file that ends in .exe

Drive-by Downloads

  • Check your browser plugins using go.lbl.gov/browsercheck
  • PCs & Macs: Install BigFix on your work computer
  • Set up auto updates for your operating system and applications when possible
  • Install Antivirus software. Sophos is available for Berkeley Lab and home usage at software.lbl.gov
  • Do not use Internet Explorer, except when required for business applications like FMS
  • Do not ignore update notifications from your OS, browser, and third parties like Adobe
  • Do not use old browser versions

Tools, Software, and Services

Throughout the course, we mention a variety of tools - here they are, all in one place. You can also visit the Cyber Security website for more information and resources.

Tool, Software, or Service

Description

Link to Resource(s)

BigFix & Qualys BrowserCheck

BigFix will automatically patch Java and Flash plugins for PCs and Macs (only use for your work computer). Qualys BrowserCheck will check all of your plugins on any browser to see if any need to be updated (use for work and personal computers).

Network blocks

Vulnerable computers are blocked from network access

Sophos Anti-Virus

This is the cyber security team recommended Anti-Virus software. Available for Macs and PCs for work and home computers if used for work.

Download Sophos at http://software.lbl.gov . Look under the Security Software section. Installation instructions available here: https://commons.lbl.gov/display/itfaq/AntiVirus

MalwarebytesThis is additional supplemental Anti-Virus software available for Windows systems. It can work in combination with Sophos for additional protection.
Download Malwarebytes at http://software.lbl.gov . Look under the Security Software section. Usage instructions are available at https://commons.lbl.gov/x/2QMMBg

Change your Password Service

Use our password change service when required or when you have any reason to believe that your password has been compromised.

Backup Services

Berkeley Lab offers a number of services for backing up data.

Report theft of a mobile device

If any IT asset is lost or stolen, you should report it immediately using our form.

Spirion

This software searches your computer to identify any potential PII. Available for PCs and Macs.

Central Syslog

Macs and Linux/Unix systems must syslog to the central syslog server. Exemption: Do not syslog to the central syslog server if your computer is offsite or frequently offsite (e.g. a laptop).

Additional Training

TrainingDescriptionLink
Privacy and Protected Information TrainingThis training is required for employees that use or access PII. However, all employees are welcome to take it. 
Social EngineeringSpam and phishing rely on "social engineering" to trick you into clicking on that link or opening that bad attachment. You can read more about social engineering including other methods, e.g. telephone, media (CD's, DVD's, USB sticks), and the web.
Advanced training on Targeted PhishingIn order to raise awareness of current phishing scam tactics, the Berkeley Lab Cyber Security team sends emails to Berkeley Lab employees that simulate real phishing attacks

Policies & Procedures

You can read more about all cyber-related RPM policies and procedures at our IT policy page.

Download page as a PDF

Download this page as a PDF for quick reference.