informationtechnologysecurityplan** information...
TRANSCRIPT
Information Security Awareness Policy (10.3) 1
Information Technology Security Plan Information Security Awareness Policy (10.3) Responsible executive: CIO Approval date: 7/01/2016 Responsible office: ITS Effective date: 7/01/2016
Related policies: IT Security Plan 1.0 Policy Statement Information security awareness training provides practical and simple guidance to reinforce appropriate conduct as it relates to a user’s role in information security. At Savannah State University, secure computing, records management, privacy and protecting restricted information are everyone’s responsibility. 2.0 Reason for Policy The purpose of this policy is to increase the awareness of the university community through an information security awareness program to ensure each user understands their role and responsibility related to information security. 3.0 Applicability This policy applies to all employees, students, contractors and other agents operating on behalf of SSU who have logical or physical access to SSU information and IT assets. 4.0 Policy 4.1 SANS Securing The Human SANS Securing The Human is an information security awareness program that provides practical and simple guidance to reinforce appropriate conduct in an effort to reduce SSU’s overall security exposure. The objective of SANS Securing The Human is to educate faculty and staff on appropriate computing practices while using IT assets. Users are responsible for the following:
• It is the responsibility of each user to read and understand the IT Security Plan and associated policies available on Policy Tech – the system of record for policies and procedures
• Information security awareness training must be completed annually • Report all security incidents or violations to the CIO or one of his/her designees