Security Awareness and Training Policy - Administrative Policy and Procedures

  1. Back to Policies and Procedures Page
  1. Purpose
    1. The purpose of this Security Awareness and Training Policy is to outline the approach that the College will follow to provide Security education to Users of College Information Systems. The education will consist of both Security Awareness education and Security Training.
  2. Definitions
    1. Information Asset - Data or knowledge stored in any electronic manner and recognized as having value for the purpose of enabling the College to perform its business functions.
    2. Information System - An Application or group of Servers used for the electronic storage, processing, or transmitting of any College data or Information Asset.
    3. Restricted Data – Any data types classified as Restricted per the Data Classification and Encryption Policy.
    4. User – Any person, including students, staff, faculty, permanent and temporary employees, contractors, vendors, research collaborators, and third-party 000000000agents, who accesses any College Electronic Resources, Information Systems, and/or IT Resources.
  3. Policy
    1. Security Awareness
      1. All Users will be provided with security awareness training. Awareness training will be provided through a number of different forums:
        1. New employee orientation
        2. Annual refresher training
        3. Security articles in various newsletters
        4. Periodic security reminders
        5. Email or other mass notification of substantial changes to College regulations.
      2. The purpose of the College's Security Awareness program is to educate its workforce to recognize key security concerns and to respond accordingly. Key security concerns include:
        1. Protecting the College Information Systems and Information Assets against malicious software and exploitation of vulnerabilities
        2. Identifying and reporting security incidents
        3. Understanding applicable regulatory compliance requirements
        4. Understanding on-going changes in technologies and security practices
      3. Information security program documentation will be available to all Users and will be stored in a location that can be easily accessed.
    2. Security Training
      1. The College's security training program and training materials will incorporate relevant security topics, will be reviewed periodically to ensure the training is current, and will be approved by the Information Security Office (ISO) prior to being presented.
      2. Security training attendance and completion will be recorded.
      3. All Users must complete appropriate security training without unreasonable delay prior to accessing any College Information System.
Policy migration in progress

Davis Tech is in the process of migrating our policies from PDF to HTML format to conform to Title II (ADA) requirements. During this transition period, the latest approved version of the policy is available (below) in pdf format, but may contain ADA Compliance errors.

Printable PDF

Effective Date: 09 October 2023

  • Approvals and Notes
  • Expended President’s Council: 9 October 2023