Skip to main content

AT-3 Role-Based Security Training

Description

The University shall provide role-based information security training to staff with information security responsibilities.

Applicability

The Chief Information Security Officer (CISO), or designee is responsible for ensuring that the measures described in this Control are implemented.

Implementation

1 - It is the responsibility of the CISO, or designee, to ensure role-based security training is completed by information technology staff with assigned security roles and responsibilities:
- 1.1 - Before authorizing access to information resources or performing assigned duties;
- 1.2 - When required by information resource changes; and
- 1.3 - Annually, thereafter.

Description
Applicability
Implementation