ITS

Information Technology Services
Information Technology Services

Cybersecurity Education and Awareness Program

About

What is the Cybersecurity Education and Awareness Program?

The purpose of the Cybersecurity Education and Awareness Program is to assess and prioritize the awareness and education needs of Queen’s students, staff, and faculty. The Program outlines a framework for providing security-related information and messaging to students, staff, and faculty in order to support general cybersecurity awareness.

What are the components of the program?

To strengthen Queen’s University’s security posture our Cybersecurity Education and Awareness Program includes 4 components:

  • Interactive Training: This includes Annual training and supplementary Role-Based training specific to your function at the University.
  • Simulated Phishing: This includes fake phishing emails that are sent to everyone when they complete the Annual training modules. The purpose of this simulation is to determine if the course content is helping people to identify, report, and action malicious emails.This allows us to continuously enhance the training to better fit Queen's needs.
  • CyberStrength Assessments: This includes brief assessments that are sent to everyone when they complete the Annual training modules. These assessments present a variety of scenarios and ask questions designed to gauge the adequacy and usefulness of the training. This allows us to continuously enhance the training to better fit Queen's needs.
  • Awareness Material: This includes cybersecurity material that will be updated quarterly on the IT Services website.

Importance

Why is Cybersecurity Education and Awareness important?

Effective cybersecurity to protect the confidentiality, integrity, and availability of Queen’s information and resources, requires that every individual at the University do their part and follow the best practices.  

Cybersecurity training and awareness educates Queen’s members to understand, recognize, prevent, and respond to security incidents. 

Access

How do I access the interactive training?

You can access the training by clicking the "access security training" button at the top of the page and logging in using your Queen's email address (NetID@queensu.ca) and password.

When will I receive the Cyberstrength assessment and simulated phishing?

Once you have completed your training, a Cyberstrength email will be sent to your @queensu.ca email from no-reply@queensu.ca and a simulated phishing will be randomly sent to your @queensu.ca email.

Learning Paths

Training assigned to you is specific to your role at the University. Below is an annual outline of the different training roles for 2020-2021.

Annual training (to be completed by all students, staff and faculty irrelevant of your function) invitations will be sent out annually in mid-October and Role-Based training (related to your function) invitations will be sent out every three or six months. Training invitation notification emails will be sent to your @queensu.ca email from no-reply@queensu.ca.

General
General learning path. Users will take Annual Training in October. Role-based training in April (Safer Web Browsing). Receive two simulated phishing emails in November and May.
Finance
Financial learning path. Users will take Annual Training in January, October, and July. Role-based training in April (PCI-DSS, Personal Information Fundamentals, Physical Security). Receive two simulated phishing emails in November and May.
Health and Wellness
Health and Wellness learning path. Users will take Annual Training in January, October, and July. Role-based training in April (Personal Health Information, Personal Information Fundamentals, Data Protection and Destruction). Receive two simulated phishing emails in November and May.
Human Resources
Human Resources learning path. Users will take Annual Training in January, October, and July. Role-based training in April (Personal Information Fundamentals, Avoiding Dangerous Attachments, Personal Information Fundamentals in Action). Receive two simulated phishing emails in November and May.
IT Services & IT Admin Reps
IT Services & IT Admin Reps learning path. Users will take Annual Training in January, October, and July. Role-based training in April (Physical Security, Personal Information Fundamentals, Multi-Factor Authentication). Receive two simulated phishing emails in November and May.
Legal and Compliance
Legal and Compliance learning path. Users will take Annual Training in October. Role-based training in April (Personal Information Fundamentals). Receive two simulated phishing emails in November and May.
Procurement
Procurement learning path. Users will take Annual Training in October. Role-based training in April (Physical Security). Receive two simulated phishing emails in November and May.
Researchers/Professors
Researchers/Professors learning path. Users will take Annual Training in January, October, and July. Role-based training in April (Personal Information Fundamentals, Avoiding Dangerous Attachments, Protecting Against Ransomware). Receive two simulated phishing emails in November and May.
Senior Leadership
Senior Leadership learning path. Users will take Annual Training in October. Role-based training in April (Security Essentials Executive). Receive two simulated phishing emails in November and May.
Students
Students learning path. Users will take Annual Training in October. Role-based training in April (Safer Web Browsing). Receive two simulated phishing emails in November and May.

Support

If you have additional questions regarding the Education and Awareness Program, check out the FAQs. If you have a question that is not found on the list, please fill out the Online Support Form or call us at 613-533-6666.