|Policy Approval Authority
|Division of Information Technology
|Chief Information Officer, Chief Information Security Officer
|Last Review Date
The purpose of this policy is to ensure that all Northern Illinois University employees are taught Information Security Awareness to gain the knowledge, skills, and abilities to maintain confidentiality, integrity and availability of the University's information and information technology resources.
The University seeks to establish a culture that ensures institutional data is secure. This policy and associated procedures establish the minimum requirements for the Information Security Awareness and Training controls.
This policy applies to all university employees.
"Security Awareness Training" is a formal process for educating employees about the Internet and computer security. A good security awareness program should educate employees about current threats, what they are and how to protect themselves, as well as institutional policies and procedures for working with the Division of IT and the Office of Information Security (OIS).
"Data Classification" is the determination of the data type, regardless of storage media (electronic or paper, for example), and the associated risks and security requirements, as outlined by the Data Classification Guidelines and Procedures.
The Office of Information Security, on behalf of Northern Illinois University, is responsible for the implementation of an information security awareness training program to increase employees' awareness of their information security responsibilities in protecting the confidentiality, integrity, and availability of university information resources.
NIU employees must complete all assigned information security awareness training materials within 30 days of the training being made available to them.
Each year, the annual information security awareness training will occur during the same time frame as the State of Illinois Ethics Training. The employee's classification and employment status with the University at the time determine whether they are required to complete the information security awareness training during the training period.
The following employees are required to complete the annual information security awareness training during the normal time:
The following employees are not required to complete the annual information security awareness training during the normal time:
As part of onboarding to NIU, all new employees including
are required to complete information security awareness training.
The Office of Information Security, in conjunction with other IT resources, will verify compliance with this policy through various methods, including but not limited to email reminders to employees' official university email accounts, application tools, reports, internal and external audits, and feedback to the Office of Information Security.
The Office of Information Security is authorized to limit network access for individuals or units not in compliance with all information security policies and related procedures. If any employee fails to complete assigned training within 30 days, their division head will be notified, and the employee's account may be suspended. The employee may reactivate their account for a short period by contacting the DoIT Service Desk. Once the account is reactivated, they must complete the assigned training.
Version 1.0 6/15/2021