APPENDIX TO POLICY
Information Security Awareness, Education and Training Standard
To provide appropriate awareness and training on information security to help protect University IT resources, including data, network and services. Some individuals must meet regulations or contractual agreements related to their security awareness, education and training.
Participation by University Community Members in security awareness
The following table defines baseline participation for University community members in security awareness.
|SA.A.01||Complete mandatory security awareness training course||Required||Required||Required¹|
|SA.A.02||Review University information security policies and procedures||Required||Required||Required|
|SA.A.03||Participate in general security awareness||Required||Recommended||Optional|
¹ When notified that you must take a course.
Program Design Requirements for those responsible for designing or delivering security awareness training
The following table defines baseline program design requirements for those responsible for designing or delivering security awareness.
|SA.B.01||Track completion of security awareness training||Required||Optional||Optional|
|SA.B.02||Periodically review and update content (suggested: annual)||Required¹||Required||Required|
¹ PCI-DSS requires annual review and update of content for people involved in storing, processing or transmitting cardholder data.
This applies to content and program management of security awareness, education and training. The content is delivered through various channels, including but not limited to online training, websites, newsletters, messaging, or printed material.
This applies to University community members who use or manage University IT resources.
More information on Information Security Awareness, Education and Training
- November 2014