8.2.1 Security and Awareness Training

Policy Tracking    Date
Approved           February 8, 2024

This procedure outlines the College's commitment to information security awareness and training for all College employees. The goal of this procedure is to ensure every employee understands their role in protecting the College's sensitive information and systems from cyber threats.

  1. All new College employees must complete mandatory information security awareness training within their first 90 days of employment.

  2. All College employees must complete annual information security refresher training to update their knowledge of evolving cyber threats and security best practices.

  3. Additional training will be provided to individuals based on their role and access to sensitive information or privileged operations.

  4. Training Content:

    1. Information security awareness training shall include:

      1. Cybersecurity fundamentals: Types of cyber threats, common vulnerabilities, and basic security concepts.

      2. Password security: Strong password creation, safe password storage, and avoiding phishing attempts.

      3. Phishing and social engineering: Recognizing and avoiding phishing attacks and social engineering scams.

      4. Safe internet browsing: Secure browsing practices, malware prevention, and online privacy guidelines.

      5. Data security: Data classification, handling sensitive information, and reporting data breaches.

      6. Acceptable use policy: Understanding and adhering to the College's acceptable use policy for technology and data.

      7. Additional materials as determined by the CIO or College Leadership.

Blue Ridge Community College Policies and Procedures Manual