General Awareness Training Security Awareness Module 1 Overview and Requirements 1 Overview Why do we need Security Awareness? Because Computer security is everyone’s responsibility. Employees and students must become aware of their individual and shared information security responsibilities and liabilities. Employees and students must become concerned about the consequences of not protecting their personal computers and information on the university network. Employees and students must take action to secure their identity on the university network and report security incidents to Security and Disaster Recovery (SDR). 2 What are the individual and institutional security requirements? Federal and State Requirements Additional Information University of Houston Requirements Additional Information IT Requirements Additional Information Research Requirements Additional Information Residential Life and Housing Requirements Additional Information College Requirements Additional Information Contractual Requirements Additional Information Auxiliary's Requirements Additional Information 3 Federal Requirements Federal regulations require all users of information Family Educational Rights and Privacy Act (FERPA) technology systems to conform with certain basic requirements and receive annual IT security awareness training Schools must have written permission from parents or eligible student in order to release any information from a student’s education record 4 cont. Federal Requirements Health Insurance Portability and Accountability Act (HIPAA) Protects health insurance coverage for workers and their families when they change or lose their job Gramm-Leach-Bliley Financial Services Modernization Act (GLB) Requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers. Return 5 State Requirements Texas Administrative Code (TAC) 2.02 Applicable terms and technology for Information Security and Disaster Recovery Security standards for Institutions of Higher Education Texas Public Information Act Texas Penal Code Section 33.03, Accessing a computer network or system without proper authorization Return 6 University of Houston Requirements Security Orientation and Training Connecting Devices to University Communication Network http://www.uh.edu/mapp/10/100304pol.htm U of H Computer Policies and Guidelines http://www.uh.edu/infotech/php/template.php?nonsvc_id=25 Appropriate Use of Computing Resources http://www.uh.edu/infotech/php/template.php?nonsvc_id=285 z Manual of Administrative Policies and Procedures System Administrative Memoranda http://www.uh.edu Information Security Manual http://www.uh.edu http://www.uh.edu Return 7 IT Requirements General Computing Policies http://www.uh.edu/infotech/php/template.php?nonsvc_id=27 Computer Security Violation Reporting http://www.uh.edu/infotech/php/template.php?nonsvc_id=280 System Administrator Responsibilities http://www.uh.edu/infotech/php/template.php?nonsvc_id=269 Individual Accountability http://www.uh.edu/infotech/php/template.php?nonsvc_id=267 Data and Software Access Control http://www.uh.edu/infotech/php/template.php?nonsvc_id=266 Information Security Manual http://www.uh.edu/infotech/php/template.php?nonsvc_id=268 Return 8 Requirements that must be met by Each User! Research Requirements Additional Information Residential Life and Housing Requirements Additional Information College Requirements Additional Information Contractual Requirements Additional Information Auxiliary Requirements Additional Information Additional Information 9