Security Awareness and Training Policy and Procedures (AT-1)

Security awareness training policy should address purpose, scope, roles, responsibilities, management commitment, and compliance related to secure use of information systems.

Security Awareness and Training (AT-2)

Understanding the importance of information security, individual responsibilities, and accountability are paramount to achieving university security goals. This can be accomplished with a combination of general information, security awareness training, and targeted training. The security awareness and training information needs to be ongoing and updated as needed.

Role-Based Security Training (AT-3)

The University shall provide role-based information security training to staff with information security responsibilities.

Security Training Records (AT-4)

The University maintains records of information security training and monitors them for compliance.