- IRT Division
- Vice President & Chief Information Officer
AIRC Rm 3010 (map)
Tools & Resources
- Students & Staff
- Security Services
- Training & Awareness
- Security News
Policy & Standards
|Information Security Awareness and Training
|Number: 8035.0 Revised: April 19, 2010|
The CSU Information Security policy provides direction and support for developing and managing information security awareness and training programs.
100 Information Security Awareness and Training
Each campus must implement a program for providing appropriate information security awareness and training to employees appropriate to their access to campus information assets. The campus information security awareness program must promote campus strategies for protecting information assets containing protected data.
All employees with access to protected data and information assets must participate in appropriate information security awareness training. When appropriate, information security training must be provided to individuals whose job functions require specialized skill or knowledge in information security.
200 Information Security Awareness
The security awareness program must provide an overview of campus information security policies, and help individuals recognize and appropriately respond to threats to campus information assets containing level 1 or level 2 data as defined in the CSU Data Classification Standard.
The program must promote awareness of:
- CSU and campus information security policies, standards, procedures, and guidelines.
- Potential threats against campus protected data and information assets.
- Appropriate controls and procedures to protect the confidentiality, integrity, and availability of protected data and information assets.
- CSU and campus notification procedures in the event protected data is compromised.
After receiving initial security awareness training, employees must receive regular updates in policies, standards, procedures and guidelines. The updates should be relevant to the employee’s job function, duties and responsibilities.
300 Information Security Training
When necessary, the campus information security program must provide or coordinate training for individuals whose job functions require special knowledge of security threats, vulnerabilities, and safeguards. This training must focus on expanding knowledge, skills, and abilities for individuals who are assigned information security responsibilities.
Continue to the Sacramento State Supplemental Policy
Back to to Sacramento State Information Security Policy Website
Information Resources and Technology | Sacramento State | 6000 J St | Sacramento, CA, 95819-6065 | AIRC Building | 916.278.7337
If you have difficulty accessing content on this page, please contact the webmaster.