Security Awareness Best Practice
All employees at KCTCS receive training in the principles of information security including the written security policies and procedures that are to be followed.
At the direction of the Information Security Officer, the Security Breach Coordinator is responsible for maintaining a formal security awareness program for all sensitive data environment employees.
Security Awareness Training
In collaboration with the KCTCS Information Security Officer, a formal security awareness program has been developed and delivered by a web based training tool and maintained by KCTCS Human Resources for all sensitive data environment employees. This training includes:
- Develop, document, and implement a formal sensitive data security awareness program making all personnel (including management) aware of the importance of sensitive data security.
- Provide periodic security updates and annual refresher courses to regularly remind employees about their obligations and responsibilities with respect to sensitive data security.
- Provide training to all employees on the policies and procedures related to the sensitive data environment.
- Upon employment, all employees will be required to complete a test of the material
and sign a Security Awareness Training Acknowledgement Form.
- Annually, employees will be required to acknowledge the policy. KCTCS utilizes an online process that includes this acknowledgement.
Social Engineering Campaign
Social Engineering campaigns may be conducted at random to further improve security awareness and continue to reinforce safe email handling