Medaille University Information Security Awareness Policy

Medaille University Information Security Awareness Policy

« Back to Policies

 

PURPOSE:

The purpose of this policy is to raise the awareness of information security and to inform and highlight the responsibilities faculty, staff, certain student workers, third party contractors and volunteers have regarding their information security obligations. Formal information security awareness will aid in the protection of data, intellectual property, financial data, restricted and sensitive information, networked systems, and applications entrusted to and utilized by the University.

 

SCOPE:

This policy will apply to the following individuals that are granted access to Medaille University’s Information Technology Systems:

a.    Full and part-time staff
b.    Full and part-time faculty
c.    Third party contractors and/or vendors who may have access to or the ability to store, process, transmit or manage university data.
d.    Student workers who may have access to or the ability to store, process, transmit or manage university data.
e.    Volunteers who may have access to or the ability to store, process, transmit or manage university data.
f.    Users that will ONLY be connecting to the Medaille-Guest wireless network, will not be subject to this policy.

 

REQUIREMENTS:

a.    All users affected by this policy are required to complete a Computer Based Training (CBT) module on Cyber Security Awareness annually.  
**The training module will be supplied by the Medaille University IT Department**
 
b.    All new university-employed users (faculty and staff) are required to complete a CBT on Cyber Security Awareness within 30 days of their start date.
**The training module will be supplied by the Medaille University IT Department**
    
c.    All new non-employees, including student workers, third party vendors, contractors, and volunteers, are required to complete a CBT on Cyber Security Awareness BEFORE getting access to the Medaille University Information Systems.
**The training module will be supplied by the Medaille University IT Department**

d.    All users affected by this policy will be required to complete approved “ad-hoc” assessment and training as deemed necessary by the Medaille University Information Security Team.

e.    Ongoing Cyber Security Assessment will be conducted in accordance with the “Policy for Cyber Security Awareness Assessment”.  


 
ROLES AND RESPONSIBILITIES:

Medaille University

a. Information Technology Security Team

i.    Facilitate implementation of effective cyber security awareness and training programs.
ii.      Determine what CBT module will be the required training module
iii.      Conduct on-going assessment and training
iv.      Provide relevant cyber security literature to HR to include in new employee welcome packets
v.      Implement restrictions on non-compliant users
vii.     Provide, upon request, reports to department heads, directors or VPs on departmental compliance levels

 

b. Human Resources Director

i.     Approve this policy and any future changes
ii.      Include IT provided Cyber Security Awareness literature in new employee on-boarding packets

 

c. VPs/Directors/Department Heads

i.      Ensure end-user compliance within their departments
ii.     Ensure end-users that fail ongoing cyber security assessment exercises are available for additional training

 

d. Users

Complete required training and assessments

 


COMPLIANCE:

Users that fall out of compliance with this policy will be subjected to restricted access to the university’s information systems until compliance is met.  The level of restriction will be determined by the Medaille University IT Security Team.

 

POLICY EXCEPTIONS:

Should the need arise for an exception to this policy, the VP, director or department head will request an exception by filling out the “Cyber Security Awareness Exception Request Form”.  The approval of the request lies solely on the Medaille University CIO.

 

no_outer_space
show-tags
  • UNIQUE VISITORS:32
  • TOTAL VISITORS:32