 |
Technology
Models |
Security Awareness
Version: 3.0
Status: Approved: 07/29/03
Contact: Valerie Adkins
PURPOSE
- To provide guidelines to assist in the development of information technology security awareness and training program.
SCOPE
- This document covers those basic elements that should be included in the program.
APPLICABILITY
- This procedure is applicable to the System Office, VCC Utility and the
twenty-three colleges.
MODEL
- The guidelines developed in this document define a minimum set of expectations. The guidelines will be reviewed as necessary to reflect changes in the use of technology, State and Federal Laws and State Policies, and Directives.
EXPECTATIONS
- The college should establish and maintain information technology security awareness and training programs to ensure that all individuals involved in the management, operation, programming, maintenance or use of VCCS information technology resources and services are aware of their security responsibilities and understand how they should be fulfilled.
GUIDELINES
The college information security officer should be assigned the responsibility for developing and maintaining a local security awareness program. The following requirements have been identified as being necessary for compliance with
COV
ITRM Standard SEC2001-01.1:
- Develop and maintain a formal security awareness and training program.
- All individuals should be provided training based on their level of responsibility and access to the college's sensitive information.
- All individuals should be briefed or have access to the VCCS Information Technology Ethics Agreement for students and patrons.
- Security workshops, seminars, or general meetings should be conducted annually to provide reinforcement for all staff and faculty.
- The college information security officer should maintain all training records and related documentation.
-
Return
to Technology Models