IT Security Training Policy

We support you and your company by providing this Training Policy, which will help you to organize an IT awareness training for your own organization, company or project. This will save you or your  department time, cost, and efforts and help you to get improvements on cybersecurity awareness.

Training Policy grabs your teams' attention. It is drafted by IT and HR professionals, intelligently structured and easy-to-navigate through. 

Information Technology Administrative Policy. This policy provides information technology (IT) security awareness and training requirements for government information system users, which includes employees, contractors, temporary personnel and other agents of the state.

Examples of regulations or laws that require additional security training, include: 

Accessing Confidential Personal Information (CPI) (Section 1347.15 of the Revised Code) Family Educational Rights and Privacy Act (FERPA) IRS Publication 1075 FBI Criminal Justice Information Services (CJIS) Security Policy Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standard (PCI-DSS) As appropriate, each agency shall supplement the basic IT security awareness training with tools that will help communicate local or programmatic information security issues, incidents and procedures (e.g., “message of the day,” posters, special events, e-mail notices). 

Listed below are a few examples of role-based training: Business managers and senior executives: The safeguarding and use of personally identifiable information (PII) Executive targeting threats such as social engineering and spear-phishing Identification of suspicious messages and the importance of not opening suspicious e-mails or attachments Examples of prominent cyber-attacks Application developers, system administrators, and database administrators:    IT-15 How to write secure code and use appropriate validation tools Proper security testing methods How to handle sensitive information 

Appropriate data security controls reduce the likelihood (and impact) of data breach incidents during various phases of the data lifecycle. The purpose of this standard is to set out the rules for securing the companies' data during transmission and storage. This document provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).

Nowadays, with the digitalization of our society, the need for data protection became more important. The latest IT Security Standards involve the application of technology to broader social and institutional contexts, and thereby contributes to the servitization of companies, and affects how they compete and interact. This document contains security technology solutions to protect data classified as “Highly Sensitive”, “Sensitive”, “Private” or “Public” as per the Data Classification Standard and Data Handling Guidelines. Specifically: