Security Education and Awareness Suggestions
Each department and unit has a responsibility to provide opportunities to make faculty and staff aware of policies and best practices for creating a secure information technology environment. Each department will have unique situations and requirements. These are suggestions for setting up a security awareness program.
- Designate a time when security awareness takes place. Some opportune times are during a departmental orientation as new faculty and staff are hired, during the annual review process, at departmental meetings, or through departmental communications.
- Designate a person to be responsible for security awareness.
- Prepare a checklist of items to cover. These might include:
  - Review university policies (Policy Library)
  - Review IT Services policies and best practices
  - Review college IT policies and best practices
  - Review department IT policies and best practices
  - Review regulations applicable to the department (e.g. FERPA, PCI, GLBA, HIPAA)
  - Review what information is considered sensitive by the university, college, department
  - Review where and how sensitive information is stored in the department
  - Identify department personnel to help secure equipment
  - Identify whom to contact about suspicious activity that might be a security incident
- Look for campus resources.
  - A college might designate a person to do security awareness and education for departments
  - IT Services Security and Policies area is available to provide guidance
  - IT Services website with policies, best practices, and guidelines
  - College websites
  - Campus listservs such as CCSG
  - Campus committees such as CCSG, SECSIG, Network Coordinators
  - Campus training related to security (http://www.it.iastate.edu/training/)
- Look for off-campus resources.
  - Security seminars and webinars
  - Websites of organizations such as NIST, SANS, and EDUCAUSE
  - Colleagues at other universities
- Document security opportunities on the annual review form or in department annual reports.

