Recent Searches

Loading Search Results...
Loading Directory Results...
Close

History

Close

Recent Pages

Recent Searches

PantherTech Support

ITS Security Awareness and Training Policy

Policy Statement

To ensure the education of all University employees, security awareness and security training sessions will be made available to all employees upon joining the University, prior to any major system and/or application change, and in accordance with regulatory and contractual obligations.

Entities Affected By This Policy

The policy affects the Information Security group as well as individuals and groups responsible for operating an information resource.

Contacts

EIU Information Security 217-581-1939

Principle

Security Awareness

  • Employees of university information systems will receive basic security awareness training within a short period of joining the university.
    • Supervisors are responsible for ensuring that all new members of the University’s staff receives basic awareness training
  • Additional awareness training for specific groups, departments and individuals will be provided upon request from the group, department, and/or individual
  • The Information Security group with take advantage of internal University publications as part of the ongoing security awareness program
  • Security awareness trainings mandated by local, State or Federal regulations and/or contractual obligations will take place in accordance with regulatory and contractual timetables for such activities

Security Training

  • Any staff member with significant information resource responsibilities will receive information system specific training to ensure the proper and secure operation of the system
    • Such individuals include, but are not limited to:
      • System operators
      • System administrators
      • Network administrators
      • Application programmers
      • Technical support
      • Customer support
      • Information security managers
      • Information security engineers
  • Any individual responsible for the implementation of a new information resource and/or information resource change that significantly alters the handling of university information will train all intended users prior to system implementation.

Contractors and General Person(s) Training 

All contractors and users established as general person(s) are required to complete security awareness essentials training. The purpose of this training is to educate users on the importance of information security and to help them understand the risks associated with unauthorized access or disclosure of university systems and data.

  • This training requirement applies to all contractors and general person(s) who have access to university data or systems.
  • The training must be completed within 30 days of being granted access to university data or systems. The training course will cover topics such as:
    • The importance of information security.
    • The risks associated with unauthorized access to or disclosure of university data.
    • Security best practices, such as strong passwords, data encryption, and phishing prevention.
  • Reporting: Contractors must report any suspected security incidents to the university immediately.
  • Failure to comply with this policy may result in the removal of access to any university systems and data.

In addition to the above, the following are some specific security awareness tips for all EIU users:

  • Use strong passwords and do not repeat previously used passwords.
  • Do not share your passwords with anyone.
  • Be careful about what information you click on in emails.
  • Do not open attachments from unknown senders.
  • Be aware of phishing scams.

Learn more on how to report phishing:

If you are a Contractor or General Person(s), and need to complete this training, follow the instructions in the email on how to complete your mandated security awareness training.

If you are considered a Staff or Faculty member, please visit:

External Security Contact

  • The Information Security group will develop and maintain contacts with local, state and national security-related groups to keep abreast of current security issues and concerns. Such groups include, but are not limited to:
    • EDUCAUSE Security Task Force
    • InfraGard
    • Research Educational Network Information Sharing and Analysis Center (REN-ISAC)
    • Other security professionals at Illinois colleges and universities
    • Local, State and Federal law enforcement cyber-crime units
  • The Information Security group will disseminate security related news and alerts from external groups to the necessary University departments as needed
  • Only the Information Security group staff members and University leadership are authorized to officially represent the University in dealings with external securityrelated groups

Related Documents

TBD

Supporting Policies, Procedures and Guidelines

Cybersecurity Training

Last Date Reviewed: 05/23/2023