SP 6-10u – Security Awareness Training

Colorado Community College System / System Procedure


SP 6-10u

APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

APPROVED:

/ Joe Garcia /
Joseph A. Garcia
Chancellor

BASIS

This procedure documents the requirements for the Cyber Security awareness training of the Colorado Community College System and its Colleges (“CCCS”). CCCS has instituted a Cyber Security awareness program with the intention of providing continuous Cyber Security awareness, in order to better enhance security best practices and continuous efforts to safeguard Information Systems and Assets.

APPLICATION

This procedure applies to employees, personnel affiliated via third party contracts, and volunteers that have access to Information Systems and Assets that are owned or leased by CCCS.

PROCEDURE

The System Chancellor delegates to the System Vice Chancellor for Information Technology (“IT”) responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.

CCCS shall conduct an ongoing information Cyber Security awareness and training program for all employees and users to explain information security responsibilities and to provide training to accomplish its information security objectives.

  • CCCS shall require that employees undergo Cyber Security training on at least an annual basis. Cyber Security training will also include testing of employee comprehension of Cyber Security.
  • CCCS shall require that employees review and acknowledge CCCS’s Acceptable Use of Information Assets Procedure during training.
  • CCCS shall require that employees whose job duties relate to application development undergo secure code training.
  • CCCS shall require all other users (e.g., contractors and volunteers), to complete Cyber Security awareness training that is appropriate to their particular level of access to Information Systems and Assets.

REVISING THIS PROCEDURE

CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.