The University shall provide role-based information security training to staff with information security responsibilities.


  • The Chief Information Security Officer (CISO), or designee is responsible for ensuring that the measures described in this Control are implemented.


  • 1

    It is the responsibility of the CISO, or designee, to ensure role-based security training is completed by information technology staff with assigned security roles and responsibilities:

    • 1.1

      Before authorizing access to information resources or performing assigned duties;

    • 1.2

      When required by information resource changes; and

    • 1.3

      Annually, thereafter.