Security Awareness Training Policy, Information Technology

Title: Security Awareness Training Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All faculty, staff, student employees, and volunteers   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

The Information Security Office (ISO) maintains an active Security Awareness Training program available to all faculty, staff, and student employees. This policy establishes the authority of the ISO to mandate Security Awareness training as needed and outlines the expectations for individuals and departments in assisting with ensuring the confidentiality, integrity, and availability of university systems, services, and data. 

APPLIES TO 

This policy applies to all University faculty, staff, student employees, and volunteers who regularly interact with or have access to confidential or protected information within the university. 

POLICY STATEMENT  

While the Information Security Office maintains an active information security program, faculty and staff members’ knowledge of the threats and risks to the University’s systems and data is a critical component in helping to defend the University from attack.  

The ISO maintains an Information Security Awareness program that supports University employees’ and students’ needs for regular training. Training on important information security topics is available or communicated in multiple ways including: 

  • Online training systems with a variety of topics relevant to Information Security (available at https://security.uconn.edu/training) 
  • Communications to targeted groups by email of ongoing or imminent threats 
  • Postings on various web-based systems across the university (security.uconn.edu or techsupport.uconn.edu) 
  • Availability of ISO staff for in-person discussions on information security 

As part of their ongoing operations and employee development, all academic and administrative departments should identify opportunities to engage faculty, staff, and student employees in Security Awareness training annually. These opportunities may include those offerings from the ISO or a tailored program for specific threats against departments or systems, which may also be included in procedural manuals or scheduled as group training opportunities. 

The ISO is authorized to mandate Security Awareness training. In some areas, Security Awareness training may be mandatory based on federal or industry regulations. Training for these programs must be coordinated with the ISO to ensure regulatory requirements are met.  

ENFORCEMENT  

Failure to comply with mandatory Security Awareness training, or to coordinate training with the ISO, may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

REFERENCES 

Compliance Training Policy 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions:  August 30, 2021 [Approved by President’s Senior Team]