Printed on: 08/19/2018. Please go to http://policy.umn.edu for the most current version of the Policy or related document.

APPENDIX TO POLICY

Information Security Awareness, Education and Training Standard

Objective

To provide appropriate awareness and training on information security to help protect University IT resources, including data, network and services. Some individuals must meet regulations or contractual agreements related to their security awareness, education and training.

Security Controls

Participation by University Community Members in security awareness

The following table defines baseline participation for University community members in security awareness.

| Control ID | Description | Security Level: High | Security Level: Medium | Security Level: Low |
|---|---|---|---|---|
| SA.A.01 | Complete mandatory security awareness training course | Required | Required | Required¹ |
| SA.A.02 | Review University information security policies and procedures | Required | Required | Required |
| SA.A.03 | Participate in general security awareness | Required | Recommended | Optional |

¹ When notified that you must take a course.

Program Design Requirements for those responsible for designing or delivering security awareness training

The following table defines baseline program design requirements for those responsible for designing or delivering security awareness.

| Control ID | Description | Security Level: High | Security Level: Medium | Security Level: Low |
|---|---|---|---|---|
| SA.B.01 | Track completion of security awareness training | Required | Optional | Optional |
| SA.B.02 | Periodically review and update content (suggested: annual) | Required¹ | Required | Required |

¹ PCI-DSS requires annual review and update of content for people involved in storing, processing or transmitting cardholder data.

Resources Covered

This applies to content and program management of security awareness, education and training. The content is delivered through various channels, including but not limited to online training, web sites, newsletters, messaging, and printed material.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

More information on Information Security Awareness, Education and Training

Published Date

  • November 2014
