Information Security Awareness SANS Training FAQ (Video Training)

This FAQ is developed from feedback given by Buffalo State participants in SANS security awareness training.

Is this training available to students?

This training is currently only licensed for faculty and staff. However, Buffalo State Information Technology Is building training modules for students. Delivery will be through Blackboard, and we’ll announce when they are ready.

Several of the training videos (and other articles I've read) encourage the use of encryption software, but none of the training or Information Security Awareness messages in the Daily touch on this.

Information Technology Services will begin enabling full disk encryption on newly deployed faculty/staff Apple and Dell laptops this spring (TBD). Phase two will be to enable full disk encryption on older/existing laptops.

A note to SANS: all the avatars in the videos appear to be Caucasian. Greater diversity, please.

We are all on the same page, and this feedback has been given to the SUNY Chief Information Security Officer, and to SANS via their feedback link. SANS has acknowledged receiving the feedback.

The completion certificate printed my name in lower case. How can I get my name printed in Upper Case?

Apologies all around on this one! This is based on some confusion during the set up process that shall be corrected in future training. Remember, you will receive training once per year in accordance with the SUNY mandate.

It would have been GREAT to have been able to take the test before watching the video. If we failed, then we could have watched.

Information Technology respects you and understands your perspective. This information has been shared with the SUNY CISO. There is another value to this training in addition to presenting information to those who may not know it. It is to cause one to stop, think and refresh. Remember, you will receive training once per year in accordance with the SUNY mandate.

When I first received the SANS training email, I thought it was a scam/virus. I think it could be sent out in a more professional manner.

We agree. It comes from a “no-reply” email, and that is something you’re warned about in training. The final email asks you to “click here” for your certificate. Another no-no. We have sent this feedback to SANS.

One of the modules referenced working remotely with either an organization-approved device OR another device which has been approved for remote work. At Buffalo State, what constitutes approval for performing remote work on a device which has not been issued by Buffalo State? How is the approval process granted?

As with all things technology, everything begins with the IT Help Desk. For information on remote desktop access, please contact the IT Help Desk at 716-878-4357 or

I would like to know more about using a secure program to store our various passwords in one place with one password. I have to update a few of my passwords every few months and it would be great to have a secure place to store my passwords. It's not always easy to remember them all.

At this time, Buffalo State Information Technology does not officially recommend a specific password manager.

Changing my status on my device to “privileged,” or “administrator,” is something I don’t know much about. It would be useful to know more about that.

On the Buffalo State Campus, no individual is given “administrative rights” on their campus owned device. If the need to install software arises, please contact the IT Help Desk  at 716-878-4357 or

For home users, the account that you set up is generally set up as an administrator. Both PC and Mac operating systems (Windows and OS X) prompt the user to type in a password when attempting to install software This escalates privileges for that task. This is the only time you’re operating system will allow your privileges to elevate to administrator level. This protects you when you are working the rest of the time (i.e., because the rest of the time you are running in “standard” mode, instead of “administrator” mode).

How often do we need to run a scan with our virus protection software?

You no longer have to manually run a scan of your computer. Our anti-virus software runs in the background on campus owned.

This training said we should never use public computers, such as in hotels or libraries, for work. But when I received Office and Outlook 365 training, we were told it was so great because we could log into our work accounts from anywhere on the planet and get work done without traveling with devices. I find the messages contradictory.

Thank you for helping us communicate a distinction. You should never remote in to your computer from a public network, such as a hotel, library, coffee shop, etc. Likewise, you should never place files containing FERPA, HIPAA, or contractually protected information in Office 365. Nor should you carry them on portable media (e.g., phone, usb or other external drive).  That said, documents that do not contain FERPA, HIPAA, or contractually protected information can go into Office 365 for use off campus. Examples of this kind of work are: committee work, syllabi, writing/reports, (that do not have FERPA, HIPAA or contractually protected information), de-identified data, etc.




Article ID: 46961
Thu 1/25/18 4:01 PM
Tue 12/4/18 2:46 PM