1 General Awareness Training Security Awareness Module 1 Overview and Requirements.



General Awareness Training

Security Awareness Module 1

Overview and Requirements


Overview

Why do we need Security Awareness? Because computer security is everyone’s responsibility.

Employees and students must become aware of their individual and shared information security responsibilities and liabilities.

Employees and students must become concerned about the consequences of not protecting their personal computers and information on the university network.

Employees and students must take action to secure their identity on the university network and report security incidents to Security and Disaster Recovery (SDR).


What are the individual and institutional security requirements?

Federal and State Requirements

University of Houston Requirements

IT Requirements

Research Requirements

Residential Life and Housing Requirements

College Requirements

Contractual Requirements

Auxiliary Requirements


Federal Requirements

Federal regulations require all users of information technology systems to conform with certain basic requirements and receive annual IT security awareness training.

Family Educational Rights and Privacy Act (FERPA)

Schools must have written permission from the parents or eligible student in order to release any information from a student’s education record.


Federal Requirements (cont.)

Health Insurance Portability and Accountability Act (HIPAA)

Protects health insurance coverage for workers and their families when they change or lose their job

Gramm-Leach-Bliley Financial Services Modernization Act (GLB)

Requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers.


State Requirements

Texas Administrative Code (TAC) 2.02

Applicable terms and technology for Information Security and Disaster Recovery

Security standards for Institutions of Higher Education

Texas Public Information Act

Texas Penal Code Section 33.03, Accessing a computer network or system without proper authorization


University of Houston Requirements

Security Orientation and Training

Connecting Devices to University Communication Network http://www.uh.edu/mapp/10/100304pol.htm

U of H Computer Policies and Guidelines http://www.uh.edu/infotech/php/template.php?nonsvc_id=25

Appropriate Use of Computing Resources http://www.uh.edu/infotech/php/template.php?nonsvc_id=285

Manual of Administrative Policies and Procedures http://www.uh.edu

System Administrative Memoranda http://www.uh.edu

Information Security Manual http://www.uh.edu


IT Requirements

General Computing Policies http://www.uh.edu/infotech/php/template.php?nonsvc_id=27

Computer Security Violation Reporting http://www.uh.edu/infotech/php/template.php?nonsvc_id=280

System Administrator Responsibilities http://www.uh.edu/infotech/php/template.php?nonsvc_id=269

Individual Accountability http://www.uh.edu/infotech/php/template.php?nonsvc_id=267

Data and Software Access Control http://www.uh.edu/infotech/php/template.php?nonsvc_id=266

Information Security Manual http://www.uh.edu/infotech/php/template.php?nonsvc_id=268


Requirements that must be met by Each User!

Research Requirements

Residential Life and Housing Requirements

College Requirements

Contractual Requirements

Auxiliary Requirements