Information Security Training at UC Santa Cruz

UC Santa Cruz ITS seeks to ensure that all members of the campus community have security training appropriate to their roles. The following security-related trainings are online and available to the UCSC campus community unless otherwise indicated.

Current Information Security Trainings by Role

All UC Employees:

• UC Cybersecurity Awareness Fundamentals Training (required)

All ITS Staff:

• ITS General Computer Security and Policy Training (required)
• SANS Technical Training (available). Vouchers are available for on-demand and live remote training. Supervisors should contact ispolicy@ucsc.edu for additional information.

UISLs:

• Unit Information Security Lead (UISL) Training (required)

System/Data Stewards:

• Roles and Responsibilities of System/Data Stewards (required). This is a one-time, in-person training. Contact Campus Privacy at privacy@ucsc.edu for more information.

Application Administrators/Developers:

• Unit Information Security Lead (UISL) Training (required)
• Open Web Application Security Project (OWASP) Foundation Top Ten (recommended)
• OWASP Cheat Sheet Series Project (recommended)
• SANS SEC522: Application Security: Securing Web Apps, APIs, and Microservices (recommended)

Compliance-Related Trainings 

The following trainings are required for all employees who handle PCI, HIPAA, and/or FERPA data:

Via UC Learning Center 

• FERPA Training (require CruzID logon)
• PCI DSS Security Awareness Training (require CruzID logon)
• Health Care Privacy Training (previously HIPAA) (require CruzID logon)

Publicly Available

• UCSC Policy on Privacy of Student Records: A Quick Reference
• HIPAA Security Rule Overview
• ITS HIPAA Training (initial training + annual refresher)
• Campus PCI Guide

Other Available Trainings

• Federal Virtual Training Environment (FedVTE)
• Cybersecurity at Work (LinkedIn Learning) 
• Information Management: Document Security (LinkedIn Learning)