ISP-05 - Information Security Awareness and Training Policy

Summary

Support and direction for developing and managing the information security awareness and training program

Body

INFORMATION SECURITY AWARENESS AND TRAINING POLICY


 

Policy Objective

This policy provides support and direction for developing and managing the information security awareness and training program, and the validation of that program.

Scope

All faculty and staff at Parkland College are required to complete security awareness training and participate in the security awareness program.

Security awareness materials shall be made available to students and their participation is voluntary.


 

Policy

Section 1 – Security Awareness and Training

Tailored and appropriate security awareness and training activities must occur on a regular basis, at least annually.

The activities must:

  • Facilitate understanding and compliance with Parkland College security policies, standards, procedures, and guidelines

  • Support the rules of behavior for the systems and data to which users have access

  • Guide users to the appropriate actions they can take to better protect information at Parkland College

  • Enable the users at Parkland College to understand their role in information security and how best to fulfill that role

Section 2 – Security Awareness Testing

The effectiveness of information security awareness, training, and the overall culture of security shall be tested:

  • Separately from training

  • On a regular basis

  • Using various measures (including phishing, social engineering, surveys, etc.)

  • Depending on risk factors and threats

The tools for testing security awareness shall be appropriate for the state of current technology and targeted towards the current threat environment.


 


 

Details

Details

Article ID: 156037
Created
Wed 5/31/23 3:54 PM
Modified
Wed 5/31/23 5:28 PM

Related Articles

Related Articles (1)

Definitions of terms used across policies and standards