|Title:||Security Awareness Training Policy, Information Technology|
|Policy Owner:||Information Technology Services / Chief Information Security Officer|
|Applies to:||All faculty, staff, student employees, and volunteers|
|Campus Applicability:||All campuses except UConn Health|
|Effective Date:||August 30, 2021|
|For More Information, Contact||UConn Information Security Office|
|Contact Information:||email@example.com or firstname.lastname@example.org|
The Information Security Office (ISO) maintains an active Security Awareness Training program available to all faculty, staff, and student employees. This policy establishes the authority of the ISO to mandate Security Awareness training as needed and outlines the expectations for individuals and departments in assisting with ensuring the confidentiality, integrity, and availability of university systems, services, and data.
This policy applies to all University faculty, staff, student employees, and volunteers who regularly interact with or have access to confidential or protected information within the university.
While the Information Security Office maintains an active information security program, faculty and staff members’ knowledge of the threats and risks to the University’s systems and data is a critical component in helping to defend the University from attack.
The ISO maintains an Information Security Awareness program that supports University employees’ and students’ needs for regular training. Training on important information security topics is available or communicated in multiple ways including:
- Online training systems with a variety of topics relevant to Information Security (available at https://security.uconn.edu/training)
- Communications to targeted groups by email of ongoing or imminent threats
- Postings on various web-based systems across the university (security.uconn.edu or techsupport.uconn.edu)
- Availability of ISO staff for in-person discussions on information security
As part of their ongoing operations and employee development, all academic and administrative departments should identify opportunities to engage faculty, staff, and student employees in Security Awareness training annually. These opportunities may include those offerings from the ISO or a tailored program for specific threats against departments or systems, which may also be included in procedural manuals or scheduled as group training opportunities.
The ISO is authorized to mandate Security Awareness training. In some areas, Security Awareness training may be mandatory based on federal or industry regulations. Training for these programs must be coordinated with the ISO to ensure regulatory requirements are met.
Failure to comply with mandatory Security Awareness training, or to coordinate training with the ISO, may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.
Questions about this policy or suspected violations may be reported to any of the following:
Office of University Compliance – https://compliance.uconn.edu (860-486-2530)
Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)
Information Security Office – https://security.uconn.edu
Policy created: May 16, 2012
Revisions: August 30, 2021 [Approved by President’s Senior Team]