56.50.19 - Security Awareness and Training

PURPOSE:

Security Awareness and training on information security principles is essential for employees and students to minimize the likelihood of exposure to security breaches and to comply with state and federal law. [1][2]

REVIEW:

This policy will be reviewed by the Information Security Officer (ISO) and the Chief Information Officer (CIO) every odd-numbered year.

POLICY/PROCEDURE:

  1. Institutional IT Security Awareness Training will be required for all staff, faculty, and students who access the TTUHSC El Paso network and/or data. [3][4][5][6][7]
  2. The ISO will be responsible for the selection, approval, and monitoring of security training materials and activities provided to and utilized by staff, faculty, and students. [8][9]
  3. Basic Security Awareness and Training will be provided through the following methods and at the following frequencies:
    1. New Employee Orientation – one-time basis
    2. Online Training – annual basis
    3. HIPAA Security Training – annual basis
    4. Digital Signage – as needed
  4. Advanced Security Role-Based Training for employees or students assigned information security roles is the responsibility of the individual and their department. [10]

[1] TAC 202.74 (6)(B)(2)
[2] 45 CFR § 164.308 (5)(i)
[3] TGC 2054.122
[4] TAC 202 Control Catalog AT-1
[5] TAC 202 Control Catalog AT-2
[6] PCI DSS v3.2 - Sec 12.6
[7] Computer Security Act of 1987 – Public Law 100-235 (H.R. 145) - Sec. 5
[8] TAC 202.71 (B)(4)
[9] 45 CFR § 164.308 (5)(ii)(A)
[10] TAC 202 Control Catalog AT-3