100 likes | 297 Views
General Awareness Training. Security Awareness Module 1 Overview and Requirements. Overview. Why do we need Security Awareness? Because Computer security is everyone’s responsibility.
E N D
General Awareness Training Security Awareness Module 1 Overview and Requirements
Overview • Why do we need Security Awareness? • Because Computer security is everyone’s responsibility. • Employees and students must become aware of their individual and shared information security responsibilities and liabilities. • Employees and students must become concerned about the consequences of not protecting their personal computers and information on the university network. • Employees and students must take action to secure their identity on the university network and report security incidents to Security and Disaster Recovery (SDR).
What are the individual and institutional security requirements? • Federal and State Requirements Additional Information • University of Houston Requirements Additional Information • IT Requirements Additional Information • Research Requirements Additional Information • Residential Life and Housing Requirements Additional Information • College Requirements Additional Information • Contractual Requirements Additional Information • Auxiliary's Requirements Additional Information
Federal Requirements • Federal regulations require all users of information technology systems to conform with certain basic requirements and receive annual IT security awareness training • Family Educational Rights and Privacy Act (FERPA) Schools must have written permission from parents or eligible student in order to release any information from a student’s education record
cont. Federal Requirements • Health Insurance Portability and Accountability Act (HIPAA) • Protects health insurance coverage for workers and their families when they change or lose their job • Gramm-Leach-Bliley Financial Services Modernization Act (GLB) • Requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers. Return
State Requirements • Texas Administrative Code (TAC) 2.02 • Applicable terms and technology for Information Security and Disaster Recovery • Security standards for Institutions of Higher Education • Texas Public Information Act • Texas Penal Code Section 33.03, Accessing a computer network or system without proper authorization Return
University of Houston Requirements • Security Orientation and Training • Connecting Devices to University Communication Network http://www.uh.edu/mapp/10/100304pol.htm • U of H Computer Policies and Guidelines http://www.uh.edu/infotech/php/template.php?nonsvc_id=25 • Appropriate Use of Computing Resources http://www.uh.edu/infotech/php/template.php?nonsvc_id=285 z • Manual of Administrative Policies and Procedures http://www.uh.edu • System Administrative Memoranda http://www.uh.edu • Information Security Manual http://www.uh.eduReturn
IT Requirements • General Computing Policies http://www.uh.edu/infotech/php/template.php?nonsvc_id=27 • Computer Security Violation Reporting http://www.uh.edu/infotech/php/template.php?nonsvc_id=280 • System Administrator Responsibilities http://www.uh.edu/infotech/php/template.php?nonsvc_id=269 • Individual Accountability http://www.uh.edu/infotech/php/template.php?nonsvc_id=267 • Data and Software Access Control http://www.uh.edu/infotech/php/template.php?nonsvc_id=266 • Information Security Manual http://www.uh.edu/infotech/php/template.php?nonsvc_id=268 • Return
Requirements that must be met by Each User! • Research Requirements Additional Information • Residential Life and Housing Requirements Additional Information • College Requirements Additional Information • Contractual Requirements Additional Information • Auxiliary RequirementsAdditional Information • Additional Information