Policy 16 - Information Security Awareness Training Policy
1.0 Purpose
The purpose of this policy is to provide all employees of Murray State University with appropriate awareness of information and information systems security requirements and of their responsibilities to protect information technology resources and systems. The success of the University’s awareness and training program, and the overall awareness of secure business practices, depends upon the ability of all users to work toward a common goal of protecting MSU’s information, information systems and associated resources.
2.0 Scope
This policy is meant for all regular, full-time and regular, part-time employees of the University. This includes all Faculty, Exempt Staff and Non-Exempt Staff.
3.0 Policy
This policy is in support of MSU security policies, standards and procedures designed to educate users about risks to information and information technology systems.
- All employees are required to complete Information Security Awareness training.
- The training will be provided by Information Systems via a platform that all employees can access.
- Training content may vary based on job duties and responsibilities.
- Training may include, but is not limited to:
- Videos
- Reading material
- Quiz questions
- Interactive modules
- Phishing training emails sent to the employees inbox
4.0 Enforcement
Anyone found to have violated this policy may be subject to disciplinary action according to personnel policies and procedures. A violation of this policy by a temporary worker, contractor or vendor may result in the termination of their contract or assignment with Murray State University.
Policy adopted: 08-21-2024
Revision adopted: 08-21-2024
Policy approval and adoption: Murray State University President's Office and Information
Systems Security