I. STANDARD STATEMENT

Information security awareness and training are vital components of UTSA’s Information security program. All users of UTSA computing resources must be aware of their role and responsibilities in the protection of information and trained to fulfill their responsibilities.

II. RATIONALE

This standard supports HOP Policy 8-12 Information Resources Use and Security Policy

III. SCOPE

This standard applies to all UTSA faculty, staff, and students.

IV. CONTACTS

The Office of Information Security
informationsecurity@utsa.edu

V. PROCEDURES

  1. Required Training
    1. University employees and others granted access to the university computing systems must complete training within the first 30 days of their receiving an account.
    2. University employees and others granted access to the university computing systems must complete regular refresher training that reinforces information security practices and concepts.
    3. The Office of Information Security will provide regular updates and reminders about information security issues, awareness and available training opportunities for university  employees and others granted access to the university computing systems.
    4. Training objectives and content must be aligned with the role and responsibility of the trainees, and must be reviewed regularly to reflect changes in technology policy or practice.
  2. Required Topics for Training
    1. Information security significance and importance.
    2. Structure of the Information Security program at UTSA and UT System.
    3. Information security and privacy responsibilities.
    4. Relevant policies, materials and documentation.
    5. Information security best practices.
  3. Training content and attendance shall be documented and made available to the Office of Information Security upon request.

OIS 16 – Standard for Information Security Training
Effective Date: April 1, 2011
Last Revised: July 30, 2020