Skip to Main Content

Standard 18 - Cybersecurity Training



  1. Initial and recurring training. The UNF Chief Information Security Officer (CISO) shall ensure that security training is delivered and tracked. Initial and recurring training:
    1. Should, at minimum, identify user responsibilities, common threats, regulatory and University requirements regarding the acceptable use and security of information resources, proper handling of sensitive data, and incident notification
    2. Is to be administered in accordance with the following schedule, or more frequently as determined by the University.
      1. Each new employee must complete initial training within 30 days after their date of hire or otherwise engaged or assigned to perform such work.
      2. Recurring training for employees and workers with access to University information resources shall take place at least annually.
  2. In addition to initial training, data owners and custodians should receive periodic training addressing the responsibilities associated with their roles.  Method of delivery and scheduling of such training should be determined by the UNF CISO.
  3. Awareness training should, at minimum, identify common threats, proper handling of sensitive data, behaviors that increase risk, behaviors that reduce risk, and incident notification.  Method of delivery and scheduling of awareness training should be determined by the UNF CISO.
  4. Technical support training. data owners and custodians must provide, based on role, appropriate technical training equivalent to current industry standards for employees providing end user or technical support for information resources under their authority.

Return to the ITS Policies and Procedures List