information risk management program

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan - PDF document



  1. INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security & Privacy Office June 8, 2017

  2. Information Security and Privacy Plan – Goal 2: Training and Outreach

     People are the most critical component when it comes to protecting data and information. When they follow security and privacy best practices, they are our best assets; when they don’t, they are our greatest risk. An effective level of awareness is essential to protect FSU’s IT resources and information.

     The Plan

     A training plan can be defined as an educational program that is designed to reduce the number of security and privacy breaches that occur through a lack of employee awareness. It targets all users in an organization with specific programs for their jobs and level of technical expertise. The unit training plan holds employees accountable for their actions by communicating policy to all users. The primary plan deliverable is developing skills and knowledge so that users can perform their jobs using IT systems more securely. The training plan also sets the security tone for the faculty and staff of your unit, especially if it is made part of their onboarding orientation.

     According to the National Institute of Standards and Technology (NIST) SP 800-16: Federal agencies and organizations cannot protect the integrity, confidentiality, and availability of information in today's highly networked systems environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them.

     Delivery methods include:

     1) One-on-One Method
     2) Formal Class
     3) Computer-Based Training
     4) Distance Learning / Web Seminars
     5) User Support Groups
     6) On-the-Job Training
     7) Self-Study

     Methodologies for Implementing Security and Privacy Training

     Step One: Identify the Program's Scope, Goals, and Objectives
     Step Two: Identify the Training Staff
     Step Three: Identify the Audience
     Step Four: Motivation
     Step Five: Administer the Security Training
     Step Six and Seven: Listen to employee feedback, and evolve the program to increase its effectiveness.
FSU Privacy & Security Training Resources 1-18-2017

  3. FSU Unit Training Resources

     The primary training coordinator for your unit is the Unit Privacy Coordinator (UPC). ISPO provides some training assistance; however, it is primarily the responsibility of the local unit to maintain and execute a training program. The following pages contain training resources to assist the UPC in meeting university policy requirements for unit training activities.

     • Securing the Human at http://security.fsu.edu
       Click on “Register for Security Awareness Training” to access SANS Securing the Human training resources. This service is free to units. Users can self-register to begin online training, or arrange bulk registration via Philip Kraemer <Philip.Kraemer@fsu.edu>.

  4. Each user can select a track of videos to match their job function.

  5. • Family Educational Rights and Privacy Act (FERPA): presentation developed by the FSU Registrar
       http://security.fsu.edu/content/download/334284/2224031/ferpa.ppt
     • Florida Information Protection Act
       http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training/Florida%20Information%20Protection%20Act%20of%202014%20%28FIPA%29.pptx

  6. • FSU Information Technology Incident Response Procedures
       http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training-slides/FSU%20Incident%20Response%20Training.pptx

  7. • Lynda.com: University enterprise-funded online training resources.
       Authenticate with your logon credentials at my.fsu.edu and click on the “Secure Apps” option under “Faculty and Staff”, then click on the Lynda.com Online Training option.

  8. Enter “IT Privacy” or “IT Security” to find courses.

  9. Other IT Security and Privacy Training Resources

     • Federal Virtual Training Environment (FedVTE)
       FSU faculty and staff are able to create accounts on FedVTE to access online training components for IT security and privacy.
       https://fedvte.usalearning.gov/portal.php

  10. Several data security and privacy courses are offered for network/system administrators.

  11. • Health Insurance Portability and Accountability Act (HIPAA) – Patient Health Information for Covered Entities and Units with Business Associates Agreements
        https://www.healthit.gov/providers-professionals/guide-privacy-and-security-electronic-health-information

  12. • Gramm-Leach-Bliley Act (GLB) – Student Financial Records
        https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying

  13. Additional System/Network Administrator Training Links

      Reference the following links for more valuable information regarding information security and privacy.

      • EDUCAUSE
        https://www.educause.edu/careers/educause-institute
      • SANS
        SANS offers training through several delivery methods: live and virtual, classroom-style, online at your own pace or webcast with live instruction, guided study with a local mentor, or privately at your workplace where even your most remote colleagues can join in via Simulcast. Courses are developed by industry leaders in numerous fields, including cyber security training, network security, forensics, audit, security leadership, and application security.
        https://www.sans.org/
      • Secure Florida
        BusinesSafe is designed to involve local businesses in protecting the safety and well-being of Florida’s residents and visitors from threats, man-made or natural. BusinesSafe and Secure Florida have partnered to provide businesses with the necessary tools to keep Florida’s citizens, visitors and businesses safe from physical and cyber threats.
        http://secureflorida.org/businessafe
