Home&苍产蝉辫;禄&苍产蝉辫;About&苍产蝉辫;禄&苍产蝉辫;ESGC At A Glance&苍产蝉辫;禄&苍产蝉辫;Policies & Procedures&苍产蝉辫;禄&苍产蝉辫;Information Security Awareness Training Policy

Adopted by President鈥檚 Cabinet 8/24/21

I. Introduction

This policy was created to comply with the University System of Georgia鈥檚 (USG) information technology policies, specifically USG Information Technology Handbook, Section 5.9.2.

In the event any information contained within this policy conflicts with any USG Board of Regents (BOR) policy, the BOR policy controls.

II. Purpose

This purpose of this policy is to increase information security / cybersecurity awareness amongst 麻豆色情片鈥檚 (麻豆色情片) employees through Information Security Awareness Training. 麻豆色情片 cannot protect the confidentiality, integrity and availability of information and information systems without ensuring that each employee understands their roles and responsibilities as it relates to information security / cybersecurity. 麻豆色情片 will provide biannual information security / cybersecurity training to all employees as a function of performing their respective roles and responsibilities. The human factor is critical to the success of protecting information assets.

The 麻豆色情片 Information Security Awareness Training Policy applies to all 麻豆色情片 employees who access 麻豆色情片 / USG information systems. Topics covered in the training include:

    1. Cybersecurity policy and guidelines and the need for cybersecurity
    2. Data governance and management as well as roles and responsibilities
    3. Importance of personal cybersecurity
    4. Threats to cybersecurity and incident reporting

III. Policy

Awareness training shall be conducted bi-annually. Participation by all 麻豆色情片 employees is mandatory, and completion shall be documented and shall provide practical and simple guidance pertaining to user roles and responsibilities. Additional role-based security training shall be provided to IT specialists, developers, security management and users having unique or specific cybersecurity responsibilities.

IV. Exceptions

Exceptions to the 麻豆色情片 Information Security Awareness Training Policy, other than those previously discussed, are to be evaluated on a case-by-case basis by 麻豆色情片鈥檚 Vice President of Information Technology and/or the Information Security Officer (ISO).

V. Applicability

All 麻豆色情片 employees, including part-time employees and student workers.

VI. Accountability

Failure to complete the biannual Information Security Awareness Training in the time scheduled will result in the 麻豆色情片鈥檚 employee鈥檚 network and information systems access being removed until the employee has completed the training. 麻豆色情片鈥檚 ISO will provide evidence that all 麻豆色情片 employees have completed the respective Information Security Awareness Training.

VII. Contacts

    • 麻豆色情片 Vice President for Information Technology
    • 麻豆色情片 Information Security Officer

VIII. References

    • O.C.G.A. 搂 16-9-150 (2019), Georgia Security Act of 2005
    • NIST SP 800-16 IT Security Training Requirements
    • NIST SP 800-50 Building an IT Security Awareness and Training Program

Last Update August 2021