Security Education and Awareness Procedures

1.0 Purpose

Security education and awareness refers to the methodology followed for training, educating, and generating awareness for information technology security in the workplace.

2.0 Scope

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, security education and awareness methods must be an integral part of the College of Public Health Information Technology procedures and guidelines. Documented procedures for security education and training reduce the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority.

3.0 Applicability

The security education and awareness plan is applicable to all College of Public Health departmental administrators and supervisors responsible for supervising employees and students. It also applies to the Office of Information Technology as a participant in, and administrator of, security education and awareness procedures. Employees and students must participate, learn, and adhere to security procedures.

4.0 Guidelines

4.1 Required

All College of Public Health departmental administrators and supervisors must understand the importance of security education and awareness, including the process of educating employees and students.

4.2 Required

Good communication between departmental administrators and the College of Public Health Office of Information Technology is required, including communication about the process and procedures for security education and awareness.

4.3 Required

All collegiate faculty, staff, and students must be willing to participate, learn, and adhere to security procedures.

5.0 Security Education and Awareness Plan

The collegiate Office of Information Technology recommends the following practices for educating faculty, staff, and students with regard to IT security. The majority of these recommendations come from the advice of the National Institute for Standards and Technology (NIST).

5.1 Promotional/Specialty Items

Awareness relies on reaching broad audiences with attractive packaging techniques. Messages or motivational slogans can easily serve as refreshers on promotional or specialty trinket items, such as badge holders, biometric devices, calendars, coffee cups, first-aid kits, flags, frisbees, golf tees, greeting cards, magnets, mousepads, notes and note pads, postcards, security screensavers, and t-shirts.

5.2 Motivational Slogans

Examples of motivational slogans include:

Security is everyone’s responsibility!
SEC_RITY is not complete without U!

5.3 Logon Access Banners

Examples of logon access banners include:

5.4 Hands-on Training

The collegiate Office of Information Technology highly recommends hands-on security training for new and existing faculty, staff and students. In many cases, short courses are offered by the University of Iowa at no charge. Currently, the University offers free training on HIPAA Privacy Regulations and HIPAA Security Standards. Many seminars and training offerings are also available from outside vendors.

5.5 Videos

Examples of videos include:

5.6 Computer-based Awareness Materials

The University of Iowa offers a computer-based training course on IT security called MIST. Other examples of computer-based awareness materials include:

5.7 Web-based Awareness Materials

Examples of web-based awareness materials include:

5.8 Posters or Flyers

Examples of posters and flyers include:

5.9 Briefings, Articles, Newsletters and Magazines

Examples of briefings, articles, newsletters and magazines include:

5.10 Exhibits

Examples of exhibits include:

6.0 Contacts and Technical Experts

College of Public Health Office of Information Technology (384-3838)
cph-support@uiowa.edu