Policy Category | Policy No. & Title | Policy Owner | Effective Date | Revision Number | Revision Eff. Date | Review Cycle |
---|---|---|---|---|---|---|
X Information Governance, Security & Technology |
X-1.05 Information Security Awareness & Training |
VP of Information Security | July 1, 2021 | N/A | N/A | Every 3 years |
The purpose of this policy is to establish the minimum requirements for the University's Security Awareness and Training Program. The Security Awareness and Training Program aims to strengthen the University's overall security posture through the education of basic cybersecurity best practices, informing and highlighting the responsibilities of Employees regarding their Information Security obligations, and raising awareness around University Information Security policies, procedures, and standards. As members of the UMGC community, Employees have an obligation to demonstrate an understanding of security awareness as it applies to their unique role and responsibility as the best defense to ensure the protection of the University's information, data, and reputation.
This policy and its supporting standards and procedures apply to all Employees that use University Information Systems and Information Resources.
Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.
Confidential Data: Data that requires restrictions on access and disclosure, including the protection of personal privacy and proprietary information.
Data Owner: The UMGC employees, or designees, who are responsible for determining User access and assigning Data Classifications to data originating from or residing in their respective business units.
Employee: University staff and faculty, including nonexempt, exempt, and overseas staff and collegiate faculty
Information Resource: Anything that is intended to generate, store, or transmit Information.
Information Security: The protection of Information and Information Systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information Security Program: Provides a formal structure for (1) developing and maintaining University-wide security policies, (2) defines security principles that safeguard University computing resources, and (3) ensures compliance with internal and external regulations.
Information Systems: Inter-related components of Information Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of Information.
Privileged User: A user that is authorized to perform security-relevant functions that ordinary users are not authorized to perform.
Supervisor: An individual who has the authority to give instruction to an Employee or Contractor and can be held accountable for the Employee or Contractor's work and actions.
University: University of Maryland Global Campus
User: A University community member, including but not limited to, staff, faculty, students, alumni, and individuals working on behalf of the University, including third party vendors, Contractors, consultants, volunteers, and other individuals who may have a need to access, use, or control University Data.
Exceptions to this policy must be submitted to the VP of Information Security for review and approval.