1 General Awareness Training Security Awareness Module 1 Overview and Requirements

2 Overview Why do we need Security Awareness? Because Computer security is everyone’s responsibility. Employees and students must become aware of their individual and shared information security responsibilities and liabilities. Employees and students must become concerned about the consequences of not protecting their personal computers and information on the university network. Employees and students must take action to secure their identity on the university network and report security incidents to Security and Disaster Recovery (SDR).

3 What are the individual and institutional security requirements? Federal and State Requirements Additional Information Additional Information University of Houston Requirements Additional Information Additional Information IT Requirements Additional Information Additional Information Research Requirements Additional Information Additional Information Residential Life and Housing Requirements Additional Information Additional Information College Requirements Additional Information Additional Information Contractual Requirements Additional Information Additional Information Auxiliary's Requirements Additional Information Additional Information

4 Federal Requirements Federal regulations require all users of information technology systems to conform with certain basic requirements and receive annual IT security awareness training Family Educational Rights and Privacy Act (FERPA) Schools must have written permission from parents or eligible student in order to release any information from a student’s education record

5 cont. Federal Requirements Health Insurance Portability and Accountability Act (HIPAA) Protects health insurance coverage for workers and their families when they change or lose their job Gramm-Leach-Bliley Financial Services Modernization Act (GLB) Requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers. Return Return

6 State Requirements Texas Administrative Code (TAC) 2.02 Applicable terms and technology for Information Security and Disaster Recovery Security standards for Institutions of Higher Education Texas Public Information Act Texas Penal Code Section 33.03, Accessing a computer network or system without proper authorization Return Return

7 University of Houston Requirements Security Orientation and Training Connecting Devices to University Communication Network U of H Computer Policies and Guidelines Appropriate Use of Computing Resources z Manual of Administrative Policies and Procedures System Administrative Memoranda Information Security Manual Return Return

8 IT Requirements General Computing Policies Computer Security Violation Reporting System Administrator Responsibilities Individual Accountability Data and Software Access Control Information Security Manual Return

9 Requirements that must be met by Each User! Research Requirements Additional Information Additional Information Residential Life and Housing Requirements Additional Information Additional Information College Requirements Additional Information Additional Information Contractual Requirements Additional Information Additional Information Auxiliary Requirements Additional Information Additional Information