It Persronal Security and Training Implementaiton Policy
In:
Submitted By raw73 Words 717 Pages 3
Personal Security and Training
Purpose
The purpose of this document is to outline the requirements any person/or persons must take before they can access any Cenartech information system. This document will outline the following: * Security awareness and training procedures * Policy statement * Security training * Statement * Applicability and Implementation * Alterations * Frequency * Additional * Security records
After reading this document an individual will know and understand the security requirements and procedures that must be undertaken before accessing an information system owned or governed by Cenartech. Training requirements can vary dependant on the position an individual has been employed to perform. All training programs have been developed and designed in accordance with the methodologies in The NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Program (Wilson & Hash, 2003).
Security Awareness and Training Procedures
Statement
All Cenartech employees are required to undergo basic security training before accessing any information system owned or governed by Cenartech. Further training could also be required dependant on the scope of the role of an employee or contractor. Employees will understand all the training requirements prior to employment. Before employment can commence Cenartech and the employee will define, via a signed contract, the security protocols to be followed by that employee. The contract will contain the security awareness and training protocols, which covers topics such as, but not limited to: purpose, scope, responsibilities of the employee, co-ordination with management, Cenartech security policies, training frequency and associated security awareness and training standards.
All potential employees will be vetted