Purpose
To provide ÈÕº«Èý¼¶ with guidance in developing and implementing the appropriate protective safeguards to support the confidentiality, integrity, and availability of ÈÕº«Èý¼¶ assets and information.
Policy
ÈÕº«Èý¼¶ faculty, staff, students, and appropriate third-parties are provided information security awareness education. ÈÕº«Èý¼¶ faculty and staff are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, legal requirements, regulations, and agreements. To accomplish this, ÈÕº«Èý¼¶ has implemented an information security awareness program that discusses common security shortcomings that can be strengthened through individual action. ÈÕº«Èý¼¶ reviews the information security awareness program annually and appropriate updates are applied based on the findings of the annual reviews. ÈÕº«Èý¼¶ requires faculty and staff to verify annually that they have completed their information security awareness training and are aware of their data security responsibilities and ÈÕº«Èý¼¶â€™s information security policies.
Summary
- ÈÕº«Èý¼¶ administers general security training that is used to enhance information security awareness for faculty, staff and students.
- Training may include the following: posters, email advisories, log-on screen messages, classroom training or E-Learning
- ÈÕº«Èý¼¶ offers role-based training to authorized users with privileged rights to minimize administrative privileges and utilization of administrative accounts only when required.
- Physical and information security personnel are given specific training based upon the needs of their roles
Training and Awareness Policy Details [pdf]