INFORMATION SECURITY AWARENESS AND TRAINING POLICY
Policy Objective
This policy provides support and direction for developing and managing the information security awareness and training program, and the validation of that program.
Scope
All faculty and staff at Parkland College are required to complete security awareness training and participate in the security awareness program.
Security awareness materials shall be made available to students and their participation is voluntary.
Policy
Section 1 – Security Awareness and Training
Tailored and appropriate security awareness and training activities must occur on a regular basis, at least annually.
The activities must:
-
Facilitate understanding and compliance with Parkland College security policies, standards, procedures, and guidelines
-
Support the rules of behavior for the systems and data to which users have access
-
Guide users to the appropriate actions they can take to better protect information at Parkland College
-
Enable the users at Parkland College to understand their role in information security and how best to fulfill that role
Section 2 – Security Awareness Testing
The effectiveness of information security awareness, training, and the overall culture of security shall be tested:
-
Separately from training
-
On a regular basis
-
Using various measures (including phishing, social engineering, surveys, etc.)
-
Depending on risk factors and threats
The tools for testing security awareness shall be appropriate for the state of current technology and targeted towards the current threat environment.