Adopted by President’s Cabinet 8/24/21

I. Introduction

This policy was created to comply with the University System of Georgia’s (USG) information technology policies, specifically USG Information Technology Handbook, Section 5.9.2.

In the event any information contained within this policy conflicts with any USG Board of Regents (BOR) policy, the BOR policy controls.

II. Purpose

The purpose of this policy is to increase information security / cybersecurity awareness amongst East Georgia State College’s (EGSC) employees through Information Security Awareness Training. EGSC cannot protect the confidentiality, integrity and availability of information and information systems without ensuring that each employee understands their roles and responsibilities as they relate to information security / cybersecurity. EGSC will provide biannual information security / cybersecurity training to all employees as a function of performing their respective roles and responsibilities. The human factor is critical to the success of protecting information assets.

The EGSC Information Security Awareness Training Policy applies to all EGSC employees who access EGSC / USG information systems. Topics covered in the training include:

    1. Cybersecurity policy and guidelines and the need for cybersecurity
    2. Data governance and management as well as roles and responsibilities
    3. Importance of personal cybersecurity
    4. Threats to cybersecurity and incident reporting

III. Policy

Awareness training shall be conducted biannually. Participation by all EGSC employees is mandatory, and completion shall be documented. The training shall provide practical and simple guidance pertaining to user roles and responsibilities. Additional role-based security training shall be provided to IT specialists, developers, security management and users having unique or specific cybersecurity responsibilities.

IV. Exceptions

Exceptions to the EGSC Information Security Awareness Training Policy, other than those previously discussed, are to be evaluated on a case-by-case basis by EGSC’s Vice President of Information Technology and/or the Information Security Officer (ISO).

V. Applicability

All EGSC employees, including part-time employees and student workers.

VI. Accountability

Failure to complete the biannual Information Security Awareness Training in the time scheduled will result in the EGSC employee’s network and information systems access being removed until the employee has completed the training. EGSC’s ISO will provide evidence that all EGSC employees have completed the respective Information Security Awareness Training.

VII. Contacts

    • East Georgia State College Vice President for Information Technology
    • East Georgia State College Information Security Officer

VIII. References

    • USG Labor Handbook
    • O.C.G.A. § 16-9-150 (2019), Georgia Security Act of 2005
    • NIST SP 800-16 IT Security Training Requirements
    • NIST SP 800-50 Building an IT Security Awareness and Training Program

Last Update August 2021