OFFICE OF INFORMATION SECURITY
University of Texas Medical Branch at Galveston
Information Security Officer

PRACTICE STANDARD: Family 2.0 Awareness & Training
2.1 Information Security Education & Awareness Program

Created Date: Sept. 03, 2002
Review Date: April 19, 2013
Revise Date: April 19, 2013

Introduction

UTMB cannot protect the confidentiality, integrity, and availability of information in today’s highly networked systems environment without ensuring that all people involved in using and managing IT:

1. Understand their roles and responsibilities related to UTMB’s mission.
2. Understand UTMB’s information resource security policies, practice standards and procedures.
3. Have adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible.

It is generally understood by the IT security professional community that people are both the strongest and the weakest link when it comes to securing systems and networks. The “people factor”, not technology, is the key to providing an adequate and appropriate level of security. If people are the key but are also a weak link, more and better attention must be paid to this “asset.” A security training and awareness program is paramount to ensuring that people understand their IT security responsibilities, policies and practice standards.

Purpose

The purpose of this practice standard is to set policy for UTMB’s information security training and awareness program. It also defines responsibilities for all personnel involved in the information security program.

Audience

This practice standard applies to all personnel who have access to any UTMB-owned or UTMB-managed information resource.

Confidential Digital Data Management

Confidential digital data includes social security numbers, protected health information, confidential research data, digital data associated with an individual, and digital data protected by law.
Confidential digital data must be secured and protected while at rest on mobile computing and storage devices (e.g., portable hard drives, flash drives, removable media, laptops and smart phones) and while in transit via email, the Internet or non-trusted networks.

Privacy

Electronic files created, sent, received, or stored on information resources (IR) owned, leased, administered, or otherwise under the custody and control of UTMB are not private and may be accessed by appropriate personnel in accordance with the provisions and safeguards provided in the Texas Administrative Code, 1 TAC Chapter 202 (Information Security Standards), the Texas Public Information Act, and the University of Texas System policy UTS 165 (Information Resources Use and Security Policy).

Practice Standards

A. Training and Awareness Responsibilities - The Information Security Officer (ISO), working with the Department of Occupational Training and Development, will develop, publish, maintain and manage a comprehensive information security training and awareness program that adequately educates Information Security Administrators and end users on how to properly protect the information entrusted to them.

B. End-user Training - Initial security training will be delivered at New Hire Orientation and will consist of an overview of the following topics:
1) acceptable use
2) data classifications
3) privacy statement
4) key roles and responsibilities
5) statutory authority
6) how you can help
7) failure to comply (individually)
8) failure to comply (institutionally)

C. Mandatory annual end-user training will be delivered using UTMB’s on-line compliance training system.
The course will consist of the following topics:
1) acceptable use
2) data classifications
3) privacy statement
4) key roles and responsibilities
5) statutory authority
6) how you can help
7) failure to comply (individually)
8) failure to comply (institutionally)

D. Information Security Administrator and Program Developer Training - Information security administrators, security analysts and program developers are required to obtain 8 hours of Continuing Professional Education (CPE) credit with an emphasis on information security per year. CPE credits can be obtained by the following:
1) Attending security-related user groups
   a) ISA quarterly meetings
   b) Infragard monthly meetings
   c) UTInfoSec bi-annual conferences
2) Attending formal training with an emphasis on security
   a) Professional development classes
   b) UTMB-sponsored security training
3) Providing security-related presentations or training to the ISA Council

E. OIS will develop an information security awareness program aimed at reminding UTMB personnel of the importance of information security and providing tips on how to comply with published standards and policies. OIS will, at a minimum:
1) Publish security awareness articles in the UTMB newsletter (Impact) at least quarterly.
2) Develop, publish and maintain an information security website with user awareness tips and other pertinent security-related materials.
3) Work with department chairs and directors to construct information security related emails to be sent by each department to its respective staff.
4) On an annual basis, present security-related material at IS-sponsored technology forums.
5) Work with the Office of University Advancement during the month of October (National Information Security Awareness Month) to produce security awareness literature and posters to be displayed in high-traffic areas and on electronic billboards (e.g., TVs and plasma screens).

Disciplinary Actions

Violations of this policy may result in disciplinary action, which may include termination for employees; termination of the employment relationship in the case of contractors or consultants; or suspension or expulsion in the case of students. Additionally, individuals are subject to loss of UTMB IR access privileges and to civil and/or criminal prosecution.

References

Texas Administrative Code, Title 1, Chapter 202 (§202.75), Information Security Standards
UT System Policy UTS 165, Information Resources Use and Security Policy
Payment Card Industry Data Security Standard (PCI DSS) v2.0
NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations

Approvals and Revision History

A) Approval - Information Security Officer
B) Revision History
Apr. 19, 2013: Applied new practice standard format; removed “Implications” section.