Security Training

1. General

Understanding the importance of information security and individual responsibilities and accountability pertaining to information security are paramount to achieving University security goals. This can be accomplished with a combination of general information security awareness training and targeted, product specific training. The security awareness and training information needs to be ongoing and updated as needed. The purpose of security training is to describe the requirements to ensure each user of university information resources receives adequate training on information security issues.

2. Applicability

This procedure applies to all users of University information resources. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with security awareness and training. The intended audience is all users of information resources.

3. Definitions

• Information Resources (IR): the procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.

4. Procedure

1. All new employees shall complete security awareness training prior to, or at least within 30 days of,  being granted access to any University information resources. This shall be part of the new     employee’s orientation training session.

2. All departmental heads shall ensure their personnel’s completion of security awareness training on an annual basis, provided through HR