Technology Security Training

 

PURPOSE:

Understanding the importance of computer security, together with individual responsibility and accountability for computer security, is paramount to achieving organizational security goals. This will be accomplished with a combination of general computer security awareness training and targeted product-specific training. The philosophy of protection and specific security instructions need to be taught to and reinforced with technology users. The security awareness and training information needs to be continuously upgraded, reinforced, and assessed.

The purpose of the Technology Security Training Policy is to describe the requirements that ensure each user of SPC information technology resources receives adequate training on technology security issues. Additionally, state law requires that institutions of higher education provide an ongoing information security awareness education program for all users of state-owned information resources (Texas Administrative Code (TAC) §202).

 

SCOPE:

The SPC Technology Security Training policy applies equally to all employees.

 

POLICY STATEMENT:

  1. All employees must participate in the SPC Security Awareness Training within 30 days of initially being granted access to SPC information technology resources, or per request of the data owner or supervisor.
  2. Annually, all employees must complete the SPC Security Awareness training and pass the associated examination.
  3. Annually, all employees must sign a non-disclosure agreement per IQ - Non-Disclosure Agreement Policy stating they have read and understand SPC requirements regarding SPC-IS policies and procedures.
  4. SPC-IS must prepare, maintain, and distribute an Information Security User Guide that concisely describes SPC information security policies and procedures.
  5. SPC-IS must develop and maintain a communication plan that will communicate security awareness to the SPC user community.
  6. SPC-IS will randomly send phishing campaigns to assess the effectiveness of the Security Awareness training.

 

DEFINITIONS:

Information Security User Guide: Describes the requirements that ensure each person has the knowledge to protect SPC information technology resources, protect themselves and comply with applicable laws.

 

Non-Disclosure Agreement: Formal acknowledgement, which all employees must sign, that they have read and understand SPC requirements regarding computer security policies and procedures. This agreement becomes a permanent record and will be renewed annually.

 

Security Awareness Training: Annual training required by Texas Administrative Code §202 to re-familiarize users with the SPC policies, their responsibility to protect SPC resources and to behave in a responsible, ethical, and legal manner.

 

Texas Administrative Code (TAC) §202: State law that outlines mandatory user security practices, specifically security awareness training and non-disclosure agreements.

 

Related Policies, References and Attachments:

An index of approved SPC-IS policies can be found on the SPC Policies website at https://www.southplainscollege.edu/human_resources/policy_procedure. The SPC Information Security Program and SPC Information Security User Guide are also available on the Information Technology Services Policies website.

DIR Security Controls Catalog Control Group: AT-2

 

Approved by:  Administrative Council, April 1, 2021

Next Review: April 1, 2022