Policy 16 - Information Security Awareness Training Policy

1.0 Purpose

The purpose of this policy is to provide all employees of Murray State University with appropriate awareness of information and information systems security requirements and of their responsibilities to protect information technology resources and systems. The success of the University’s awareness and training program, and the overall awareness of secure business practices, depends upon the ability of all users to work toward a common goal of protecting MSU’s information, information systems and associated resources.

2.0 Scope

This policy is meant for all regular, full-time and regular, part-time employees of the University. This includes all Faculty, Exempt Staff and Non-Exempt Staff. 

3.0 Policy

This policy is in support of MSU security policies, standards and procedures designed to educate users about risks to information and information technology systems. 

  • All employees are required to complete Information Security Awareness training.
  • The training will be provided by Information Systems via a platform that all employees can access.
  • Training content may vary based on job duties and responsibilities.
  • Training may include, but is not limited to:
    • Videos
    • Reading material
    • Quiz questions
    • Interactive modules
    • Phishing training emails sent to the employees inbox

4.0 Enforcement

Anyone found to have violated this policy may be subject to disciplinary action according to personnel policies and procedures. A violation of this policy by a temporary worker, contractor or vendor may result in the termination of their contract or assignment with Murray State University.



Policy adopted:  08-21-2024
Revision adopted:  08-21-2024
Policy approval and adoption: Murray State University President's Office and Information Systems Security

Take the next step

© Murray State University Department of Web ManagementWe are Racers.