Security Awareness and Training (AT-2)

| Show Notes
Created December 5, 2016
Revised September 1, 2016

Description

Understanding the importance of information security, individual responsibilities, and accountability are paramount to achieving university security goals. This can be accomplished with a combination of general information, security awareness training, and targeted training. The security awareness and training information needs to be ongoing and updated as needed.

Applicability

This Control applies to all Texas A&M personnel who use University information resources.

Implementation

1

All Texas A&M personnel who use information resources are required to comply with this Control. A method to accomplish the requirements listed below is provided through the use of the Information Security Awareness (ISA) training module (Course 3001). This web based training module is accessed via SSO’s TrainTraq.

1.1

All new employees shall complete security awareness training prior to, or at least within 30 days of, being granted access to any Texas A&M University information resources. This shall be part of the new employee’s orientation training session.

1.2

All users must acknowledge they have read, understand, and will comply with university requirements regarding computer security policies and procedures.

1.3

All Texas A&M University personnel must complete the university security awareness training on an annual basis.

1.3.1

Security awareness training shall address recognition and reporting of indicators for insider threats.

2

Units may require additional incidental training and require acknowledgement as determined by the unit.

3

Unit information technology personnel shall establish and maintain a process to communicate new security program information, security bulletin information, and security items of interest to unit personnel.

4

Unit heads shall ensure that personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.