This Control applies to all information resource owners, custodians, and users.

University Standard Administrative Procedure 29.01.03.M0.02, Acceptable Use, describes individual responsibilities and expected behavior regarding information resource usage.

It is the responsibility of the unit head or designee to obtain an acknowledgment from all individuals indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information resources.

It is the responsibility of the Chief Information Security Officer to incorporate content regarding rules of behavior into the Annual Security Awareness Training required of all university employees (See Control AT-2).

• 3.1

  The content in the Annual Security Awareness Training shall be reviewed and updated as appropriate.