Information Security Awareness and Training Supplemental Policy
Number: 8035.0 Revised: August 15, 2010
The Information Security Officer must implement a program to provide regular information security awareness training to all campus employees appropriate to their level of access to campus information assets. All employees with access to Level 1 data and information assets must participate in information security awareness training on at least an annual basis that is specifically targeted at continued protection of those data and assets.
8035.200 Security Awareness
At a minimum, this information security awareness program must provide all employees with an overview of campus information security policies applicable to their work and prepare individuals to recognize and appropriately respond to threats to Level 1 and Level 2 data, as defined in the Sacramento State Data Classification Standard.
8035.300 Specific Security Training
The Information Security Officer must also provide or coordinate targeted training for individuals whose job functions require special knowledge of safeguards required to counter identified security threats and vulnerabilities. This training must focus on expanding information security knowledge, skills, and abilities specific to the information handling duties of individuals who handle protected data (i.e. Level 1 and Level 2 data)
Back to to Sacramento State Information Security Policy Website