Overview
Goals & Definitions
Goals of Information Technology (IT) Security Awareness Training
- To assist faculty and staff in using safe, secure computer practice to safeguard College computing systems and data they store or access.
- To answer any questions about information security requirements and procedures.
- To promote Computer Security Awareness.
What Is IT Security Awareness?
Information Technology Security Awareness means understanding various information technology threats that exist in one's computing environment and taking reasonable steps to guard against them.
NOTE: Security Awareness is one of the thirteen security components required in the COV ITRM Standard SEC2001-01.1.
Who Must Participate in Security Awareness Training?
- All new employees who use information technology or have access to areas where information resources reside must receive formal training within 30 days.
- Refresher training must be provided to all personnel annually at a minimum.
Elements and Delivery of the Training
What Must Be Included in the IT Security Awareness Training Program?
- Provide both general and position-appropriate security awareness content.
- Specify timeframes for receiving initial, ongoing and refresher training.
- Be documented on an auditable medium.
- Be approved by the Information Systems Security Officer.
How Is Security Awareness Training Documented?
- Receipt of training must be documented in the new employee’s personnel file with the employee’s acknowledgement of receipt and understanding.
- Documentation of yearly employee training is completed online and maintained in a database available to the Information Systems Security Officer.
- All training must be documented, filed with the Information Systems Security Officer, and available for audit.
How Can Training Be Delivered?
- New employee orientation
- General sessions
- Departmental sessions
- Web delivery via Web Pages, PowerPoint or video
- Tip of the month via email to distribution lists
- Posters
- Brochures
- “Security Day”
- Brown bag lunch sessions
Consequences of Security Violations
- Risk to security and integrity of personal or confidential information.
- Loss of employee and public trust resulting in embarrassment and bad publicity.
- Costly reporting requirements in case of compromise of sensitive information.
- Internal disciplinary action(s) up to and including termination of employment, possible penalties, prosecution, and potential for sanctions/lawsuits.
Implementation of NOVA’s IT Security Awareness Training
- Progress through the IT Security Awareness website, reading all of the information.
- As you complete each section, you will find a link at the bottom of the web page to click to go to the next section.
- When you have completed all of the sections, you will find the link to the IT Security Awareness form at the bottom of the Resources web page.
- After reading the training material on the site, complete and submit the online IT Security Awareness form. Be sure to enter your name and type “Yes” before you submit the online agreement form.
- Print a copy of your completion confirmation from this site.
- Print a copy of the IT Security Awareness Handout found in Resources for review.
NOTE: There is a PowerPoint presentation found in Resources that covers all the material on the site.
