STANDARD FOR INFORMATION SECURITY TRAINING

 

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 16 – Standard for Information Security Training

 


 I. STANDARD STATEMENT


Information security awareness and training are vital components of UTSA's Information security program.  All users of UTSA computing resources must be aware of their role and responsibilities in the protection of information and trained to fulfill their responsibilities.

 


 II. RATIONALE


This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.

 


III. SCOPE


This standard applies to all UTSA faculty, staff, and students.

 


IV. CONTACTS


If you have any questions about OIS 16 – Standard for Information Security Training contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 


PROCEDURES  


1. Required Training
  1. University employees and others granted access to the university computing systems must complete training within the first 30 days of their receiving an account.
  2. University employees and others granted access to the university computing systems must complete regular refresher training that reinforces information security practices and concepts
  3. The Office of Information Security will provide regular updates and reminders about information security issues, awareness and available training opportunities for University employees and others granted access to the university computing systems.
  4. Training objectives and content must be aligned with the role and responsibility of the trainees, and must be reviewed regularly to reflect changes in technology policy or practice.

 2. Required Topics for Training

  1. Information security significance and importance
  2. Structure of the Information Security program at UTSA and UT System
  3. Information security and privacy responsibilities
  4. Relevant policies, materials and documentation
  5. Information security best practices

Training content and attendance shall be documented and made available to the Office of Information Security upon request.

 

______________________________________________________________________________

Effective Date: April 1, 2011 Last Revised: April 10, 2013

<< Back