Module1 - University of Houston

General Awareness Training
Security Awareness
Module 1
Overview and Requirements
Overview





Why do we need Security Awareness?
Because computer security is everyone’s
responsibility.
Employees and students must become aware of their
individual and shared information security responsibilities and
liabilities.
Employees and students must become concerned about the
consequences of not protecting their personal computers and
information on the university network.
Employees and students must take action to secure their
identity on the university network and report security incidents
to Security and Disaster Recovery (SDR).
What are the individual and institutional security
requirements?





Federal and State Requirements
University of Houston Requirements
IT Requirements
Research Requirements
Residential Life and Housing Requirements
College Requirements
Contractual Requirements
Auxiliary Requirements
Federal Requirements

Federal regulations require all users of information
technology systems to conform with certain basic
requirements and receive annual IT security awareness
training

Family Educational Rights and Privacy Act (FERPA)
Schools must have written permission from parents or eligible
student in order to release any information from a student’s
education record
Federal Requirements (cont.)
Health Insurance Portability and Accountability Act
(HIPAA)


Protects health insurance coverage for workers and their
families when they change or lose their job
Gramm-Leach-Bliley Financial Services
Modernization Act (GLB)

Requires financial institutions to take steps to ensure the
security and confidentiality of customer records such as
names, addresses, phone numbers, bank and credit card
account numbers, income and credit histories and Social
Security numbers.
State Requirements

Texas Administrative Code (TAC) 2.02




Applicable terms and technology for Information Security
and Disaster Recovery
Security standards for Institutions of Higher Education
Texas Public Information Act
Texas Penal Code Section 33.03, Accessing a
computer network or system without proper
authorization
University of Houston Requirements


Security Orientation and Training
Connecting Devices to University Communication Network
http://www.uh.edu/mapp/10/100304pol.htm

U of H Computer Policies and Guidelines
http://www.uh.edu/infotech/php/template.php?nonsvc_id=25




Appropriate Use of Computing Resources
http://www.uh.edu/infotech/php/template.php?nonsvc_id=285

Manual of Administrative Policies and Procedures
http://www.uh.edu

System Administrative Memoranda
http://www.uh.edu

Information Security Manual
http://www.uh.edu
IT Requirements

General Computing Policies
http://www.uh.edu/infotech/php/template.php?nonsvc_id=27

Computer Security Violation Reporting
http://www.uh.edu/infotech/php/template.php?nonsvc_id=280

System Administrator Responsibilities
http://www.uh.edu/infotech/php/template.php?nonsvc_id=269

Individual Accountability
http://www.uh.edu/infotech/php/template.php?nonsvc_id=267

Data and Software Access Control
http://www.uh.edu/infotech/php/template.php?nonsvc_id=266

Information Security Manual
http://www.uh.edu/infotech/php/template.php?nonsvc_id=268

Requirements that must be met by Each User!


Research Requirements
Residential Life and Housing Requirements
College Requirements
Contractual Requirements
Auxiliary Requirements
