ROWAN UNIVERSITY POLICY
Title: Security Awareness and Training
Subject: Information Security
Policy No: ISO:2014:02
Issuing Authority: Senior Vice President for Information Resources and Technology and Chief Information Officer
Responsible Officer: Director of Information Security
Date Adopted: 06/01/2014
Last Revision: 03/20/2019
Last Review: 03/20/2019
This policy establishes the requirement for information security awareness, training and education for members of the Rowan community who have access to the University's information systems and information assets, in accordance with all applicable federal, state, and local laws governing the use of computers and the Internet.
Under the direction of the President, the Chief Information Officer and Director of Information Security shall ensure compliance with this policy. The Vice Presidents, Deans, and other members of management will implement this policy in their respective areas.
This policy applies to all members of the Rowan Community who access and use the University's electronic information and information systems.
Refer to Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.
- The Information Security Office (ISO) will provide and implement Information Security Awareness, Training and Education for all members of the Rowan Community and ensure ongoing maintenance and enhancements to the training and education content.
- All members of the Rowan Community who have access to information assets must complete Security Awareness Training upon arrival at Rowan University.
- All members of the Rowan Community who have access to information assets must complete refresher training annually.
- Remedial training will be required for any user whose account has been reported to be compromised.
- Security Awareness Training content will be reviewed and updated annually by the Information Security Office (ISO).
- The Information Security Office (ISO) will provide an annual security awareness training report and monthly updates to the IT Security Board (ITSB).
- The manager is responsible for ensuring that each of their direct reports has completed the Security Awareness Training.
VI. NON-COMPLIANCE AND SANCTIONS
Individuals and departments who do not adhere to this policy may be subject to disciplinary actions and/or the removal of system access.
By Direction of the CIO:
SVP and Chief Information Officer