information risk management...
Post on 21-Jun-2020
INFORMATION TECHNOLOGY SERVICES
INFORMATION RISK MANAGEMENT PROGRAM
Developing a Unit Training Plan
Information Security & Privacy Office
June 8, 2017
FSU Privacy & Security Training Resources 1-18-2017
Information Security and Privacy Plan –
Goal 2: Training and Outreach
People are the most critical component when it comes to protecting data and
information. When they follow security and privacy best practices, they are our best
assets; when they don’t, they are our greatest risk. An effective level of awareness is
essential to protect FSU’s IT resources and information.
The Plan
A training plan can be defined as an educational program that is designed to reduce
the number of security and privacy breaches that occur through a lack of employee
awareness. It targets all users in an organization with specific programs for their
jobs and level of technical expertise. The unit training plan holds employees
accountable for their actions by communicating policy to all users. The primary
plan deliverable is developing skills and knowledge so that users can perform their
jobs using IT systems more securely. The training plan also sets the security tone
for the faculty and staff of your unit, especially if it is made part of their onboarding
orientation. According to the National Institute of Standards and Technology
(NIST) SP 800-16: Federal agencies and organizations cannot protect the integrity,
confidentiality, and availability of information in today's highly networked systems
environment without ensuring that each person involved understands their roles
and responsibilities and is adequately trained to perform them.
Delivery methods include:
1) One-on-One Method
2) Formal Class
3) Computer-Based Training
4) Distance learning / Web Seminars
5) User Support Groups
6) On The Job Training
7) Self-Study
Methodologies for Implementing Security and Privacy Training
Step One: Identify the Program's Scope, Goals, and Objectives
Step Two: Identify the training staff
Step Three: Identify the Audience
Step Four: Motivation
Step Five: Administer The Security Training
Step Six and Seven: Listen to employee feedback and evolve the program to
increase its effectiveness.
FSU Unit Training Resources
The primary training coordinator for your unit is the Unit Privacy Coordinator (UPC).
ISPO provides some training assistance; however, it is primarily the responsibility
of the local unit to maintain and execute a training program. The following pages
contain training resources to assist the UPC in meeting university policy
requirements for unit training activities.
Securing the Human at http://security.fsu.edu
Click on “Register for Security Awareness Training” to access SANS Securing the
Human training resources. This service is free to units.
Users can self-register to begin online training, or bulk registration can be
arranged via Philip Kraemer <Philip.Kraemer@fsu.edu>.
Each user can select a track of videos to match their job function.
Family Educational Rights and Privacy Act (FERPA)
Presentation developed by the FSU Registrar
http://security.fsu.edu/content/download/334284/2224031/ferpa.ppt
Florida Information Protection Act
http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training/Florida%20Information%20Protection%20Act%20of%202014%20%28FIPA%29.pptx
FSU Information Technology Incident Response Procedures
http://security.fsu.edu/sites/g/files/upcbnu581/files/legacy/information-security-and-privacy-office/training-slides/FSU%20Incident%20Response%20Training.pptx
Lynda.com
University enterprise funded online training resources.
Authenticate with your logon credentials at my.fsu.edu and click on the “Secure Apps”
option under “Faculty and Staff”:
Click on the Lynda.com Online Training option:
Enter “IT Privacy” or “IT Security” to find courses:
Other IT Security and Privacy Training Resources
Federal Virtual Training Environment (FedVTE)
FSU faculty and staff are able to create accounts on FedVTE to access online
training components for IT security and privacy.
https://fedvte.usalearning.gov/portal.php
Several data security and privacy courses are offered for network/system administrators.
Health Insurance Portability and Accountability Act (HIPAA) – Patient Health Information for Covered Entities and Units with Business Associates Agreements
https://www.healthit.gov/providers-professionals/guide-privacy-and-security-electronic-health-information
Gramm-Leach-Bliley Act (GLB) – Student Financial Records
https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying
Additional System/Network Administrator Training Links
Reference the following links for more valuable information regarding information
security and privacy.
EDUCAUSE
https://www.educause.edu/careers/educause-institute
SANS
SANS offers training through several delivery methods: live and virtual, classroom-style, online at your own pace or webcast with live instruction, guided study with a local mentor, or privately at your workplace, where even your most remote colleagues can join in via Simulcast. Courses are developed by industry leaders in numerous fields, including cyber security training, network security, forensics, audit, security leadership, and application security.
https://www.sans.org/
Secure Florida
BusinesSafe is designed to involve local businesses in protecting the safety and
well-being of Florida’s residents and visitors from threats – man-made or natural.
BusinesSafe and Secure Florida have partnered to provide businesses with the necessary tools
to keep Florida’s citizens, visitors and businesses safe from physical and cyber threats.
http://secureflorida.org/businessafe