INFORMATION RISK MANAGEMENT PROGRAM: Developing a Unit Training Plan


INFORMATION TECHNOLOGY SERVICES

INFORMATION RISK MANAGEMENT PROGRAM

Developing a Unit Training Plan

Information Security & Privacy Office June 8, 2017

FSU Privacy & Security Training Resources 1-18-2017

Information Security and Privacy Plan – Goal 2: Training and Outreach

People are the most critical component when it comes to protecting data and information. When they follow security and privacy best practices, they are our best assets; when they don’t, they are our greatest risk. An effective level of awareness is essential to protect FSU’s IT resources and information.

The Plan

A training plan can be defined as an educational program that is designed to reduce the number of security and privacy breaches that occur through a lack of employee awareness. It targets all users in an organization with specific programs for their jobs and level of technical expertise. The unit training plan holds employees accountable for their actions by communicating policy to all users. The primary plan deliverable is developing skills and knowledge so that users can perform their jobs using IT systems more securely. The training plan also sets the security tone for the faculty and staff of your unit, especially if it is made part of their onboarding orientation.

According to the National Institute of Standards and Technology (NIST) SP 800-16:

Federal agencies and organizations cannot protect the integrity, confidentiality, and availability of information in today's highly networked systems environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them.

Delivery methods include:

1) One-on-One Method
2) Formal Class
3) Computer-Based Training
4) Distance learning / Web Seminars
5) User Support Groups
6) On The Job Training
7) Self-Study

Methodologies for Implementing Security and Privacy Training

Step One: Identify the Program's Scope, Goals, and Objectives
Step Two: Identify the training staff
Step Three: Identify the Audience
Step Four: Motivation
Step Five: Administer The Security Training
Step Six and Seven: Listen to Employee feedback, evolve the program to increase its effectiveness.


FSU Unit Training Resources

The primary training coordinator for your unit is the Unit Privacy Coordinator (UPC). ISPO provides some training assistance; however, it is primarily the responsibility of the local unit to maintain and execute a training program. The following pages contain training resources to assist the UPC in meeting university policy requirements for unit training activities.

  • Securing the Human at http://security.fsu.edu

Click on “Register for Security Awareness Training” to access SANS Securing the Human training resources. This service is free to units. Users can self-register to begin online training; bulk registration is available via Philip Kraemer <Philip.Kraemer@fsu.edu>.

Each user can select a track of videos to match their job function.


  • Family Educational Rights and Privacy Act (FERPA)

Presentation developed by the FSU Registrar

http://security.fsu.edu/content/download/334284/2224031/ferpa.ppt

  • Florida Information Protection Act

http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training/Florida%20Information%20Protection%20Act%20of%202014%20%28FIPA%29.pptx

  • FSU Information Technology Incident Response Procedures

http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training-slides/FSU%20Incident%20Response%20Training.pptx

  • Lynda.com

University enterprise-funded online training resources. Authenticate with your logon credentials at my.fsu.edu and click on the “Secure Apps” option under “Faculty and Staff”:

Click on the Lynda.com Online Training option:

Enter “IT Privacy” or “IT Security” to find courses:


Other IT Security and Privacy Training Resources

  • Federal Virtual Training Environment (FedVTE)

FSU faculty and staff are able to create accounts on FedVTE to access online training components for IT security and privacy. https://fedvte.usalearning.gov/portal.php

Several data security and privacy courses are offered for network/system administrators.


  • Health Insurance Portability and Accountability Act (HIPAA) – Patient Health Information for Covered Entities and Units with Business Associates Agreements

https://www.healthit.gov/providers-professionals/guide-privacy-and-security-electronic-health-information

  • Gramm-Leach-Bliley Act (GLB) – Student Financial Records

https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying


Additional System/Network Administrator Training Links

Reference the following links for more valuable information regarding information security and privacy.

  • EDUCAUSE

https://www.educause.edu/careers/educause-institute

  • SANS

SANS offers training through several delivery methods: live and virtual, classroom-style, online at your own pace or webcast with live instruction, guided study with a local mentor, or privately at your workplace where even your most remote colleagues can join in via Simulcast. Courses are developed by industry leaders in numerous fields, including cyber security training, network security, forensics, audit, security leadership, and application security. https://www.sans.org/

  • Secure Florida

BusinesSafe is designed to involve local businesses in protecting the safety and well-being of Florida’s residents and visitors from threats – man-made or natural. BusinesSafe and Secure Florida have partnered to provide businesses with the necessary tools to keep Florida’s citizens, visitors and businesses safe from physical and cyber threats. http://secureflorida.org/businessafe