1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
-
Upload
emily-banks -
Category
Documents
-
view
215 -
download
0
Transcript of 1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
1
General Awareness Training
Security AwarenessModule 1
Overview and Requirements
2
Overview Why do we need Security Awareness? Because Computer security is everyone’s
responsibility.
Employees and students must become aware of their individual and shared information security responsibilities and liabilities.
Employees and students must become concerned about the consequences of not protecting their personal computers and information on the university network.
Employees and students must take action to secure their identity on the university network and report security incidents to Security and Disaster Recovery (SDR).
3
What are the individual and institutional security requirements?
Federal and State Requirements Additional Information
University of Houston Requirements Additional Information
IT Requirements Additional Information
Research Requirements Additional Information
Residential Life and Housing Requirements Additional Information
College Requirements Additional Information
Contractual Requirements Additional Information
Auxiliary's Requirements Additional Information
4
Federal Requirements
Federal regulations require all users of information technology systems to conform with certain basic requirements and receive annual IT security awareness training
Family Educational Rights and Privacy Act (FERPA) Schools must have written permission from parents or eligible student in order to release any information from a student’s education record
5
cont. Federal Requirements
Health Insurance Portability and Accountability Act (HIPAA)
Protects health insurance coverage for workers and their families when they change or lose their job
Gramm-Leach-Bliley Financial Services Modernization Act (GLB)
Requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers. Return
6
State Requirements
Texas Administrative Code (TAC) 2.02 Applicable terms and technology for Information
Security and Disaster Recovery Security standards for Institutions of Higher
Education Texas Public Information Act Texas Penal Code Section 33.03, Accessing
a computer network or system without proper authorization Return
7
University of Houston Requirements
Security Orientation and Training Connecting Devices to University Communication
Network http://www.uh.edu/mapp/10/100304pol.htm
U of H Computer Policies and Guidelines http://www.uh.edu/infotech/php/template.php?nonsvc_id=25
Appropriate Use of Computing Resources http://
www.uh.edu/infotech/php/template.php?nonsvc_id=285 z Manual of Administrative Policies and Procedures http://
www.uh.edu
System Administrative Memoranda http://www.uh.edu Information Security Manual http://www.uh.edu
Return
8
IT Requirements
General Computing Policies http://www.uh.edu/infotech/php/template.php?nonsvc_id=27
Computer Security Violation Reporting http://www.uh.edu/infotech/php/template.php?nonsvc_id=280
System Administrator Responsibilities http://www.uh.edu/infotech/php/template.php?nonsvc_id=269
Individual Accountability http://www.uh.edu/infotech/php/template.php?nonsvc_id=267
Data and Software Access Control http://www.uh.edu/infotech/php/template.php?nonsvc_id=266
Information Security Manual http://www.uh.edu/infotech/php/template.php?nonsvc_id=268
Return
9
Requirements that must be met by Each User!
Research Requirements Additional Information
Residential Life and Housing Requirements Additional Information
College Requirements Additional Information
Contractual Requirements Additional Information
Auxiliary Requirements Additional Information Additional Information