Security Awareness Policy
Scope:
This policy outlines how Information Security awareness materials will be provided to the Loyola community.
Purpose:
To ensure that all members of the Loyola community are exposed to Information Security awareness materials, and that they have some level of understanding of those materials. This policy is required by regulations applicable to the University.
Policy:
Methods of Delivery
Information Security awareness may be delivered through multiple methods. These methods may include, but are not limited to:
- Information Security website
- Information provided via Inside Loyola
- Information provided via mass email to the Loyola community
- Information security awareness training sessions
- Information provided via Loyola 101 sessions
- Information provided via new faculty orientation
- PCI Compliance Awareness
- Video Awareness Training using Loyola’s Learning Management System
- Information provided via Discover Loyola
Information Security Website - The University Information Security Office (UISO) will maintain a website at www.luc.edu/uiso providing information about Information Security concepts, best practices, advisories and relevant security articles. The website will be updated monthly at a minimum.
Information Provided via Inside Loyola - The UISO will work with University Marketing and Communications (UMC) to send out relevant security messages to the community via Inside Loyola.
Information Provided via Mass Email to the Loyola Community – The UISO will work with UMC to send out high priority messages to the Loyola community via mass email distribution.
Information Security Awareness Training Sessions - The Information Security team will provide Information Security awareness sessions as requested by departments.
Information Provided via Loyola 101 Sessions - The UISO will meet with Human Resources on a yearly basis to ensure that Information Security materials included in the Loyola 101 information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
Information Provided via New Faculty Orientation - The UISO will work with Faculty Administration on a yearly basis to ensure that Information Security materials included in the New Faculty Orientation information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
PCI Compliance Awareness – The UISO will work with appropriate constituent groups to identify appropriate personnel and their role in PCI compliance and will ensure that all affected personnel attend awareness training upon hire and at least annually thereafter. Additionally, on an annual basis, all personnel are required to acknowledge that they have read and that they understand the information security policy.
Video Awareness Training – The UISO will work with appropriate constituent groups to identify appropriate personnel and their roles (PCI-DSS, PII, Data Steward, HIPAA, and General Staff) and will ensure that all personnel attend appropriate awareness training upon hire and at least annually thereafter. The training consists of a series of videos followed by a brief quiz. Training is delivered via Loyola’s on line LMS or another approved online method.
Information Provided via Discover Loyola - The UISO will work with Residence Life on a yearly basis to ensure that Information Security materials included in Discover Loyola information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
Exceptions:
Exceptions to this policy will be handled in accordance with the ITS Security Policy.
References:
History:
- October 2014: V 1.0, Added PCI Requirements
- June 23, 2015: V 1.1, Annual Review for PCI Compliance
- July 20, 2015: V 1.2, Added section for video awareness sessions
- June 20, 2016: V 1.2, Annual Review for PCI Compliance
- April 19, 2017: V 1.2, Annual Review for PCI Compliance
- July 19, 2017: V1.3, Added references for HIPAA
- Sep 6, 2018: V1.3, Annual Review for PCI Compliance
- Sep 24, 2019: V1.3, Annual Review for PCI Compliance
Scope:
This policy outlines how Information Security awareness materials will be provided to the Loyola community.
Purpose:
To ensure that all members of the Loyola community are exposed to Information Security awareness materials, and that they have some level of understanding of those materials. This policy is required by regulations applicable to the University.
Policy:
Methods of Delivery
Information Security awareness may be delivered through multiple methods. These methods may include, but are not limited to:
- Information Security website
- Information provided via Inside Loyola
- Information provided via mass email to the Loyola community
- Information security awareness training sessions
- Information provided via Loyola 101 sessions
- Information provided via new faculty orientation
- PCI Compliance Awareness
- Video Awareness Training using Loyola’s Learning Management System
- Information provided via Discover Loyola
Information Security Website - The University Information Security Office (UISO) will maintain a website at www.luc.edu/uiso providing information about Information Security concepts, best practices, advisories and relevant security articles. The website will be updated monthly at a minimum.
Information Provided via Inside Loyola - The UISO will work with University Marketing and Communications (UMC) to send out relevant security messages to the community via Inside Loyola.
Information Provided via Mass Email to the Loyola Community – The UISO will work with UMC to send out high priority messages to the Loyola community via mass email distribution.
Information Security Awareness Training Sessions - The Information Security team will provide Information Security awareness sessions as requested by departments.
Information Provided via Loyola 101 Sessions - The UISO will meet with Human Resources on a yearly basis to ensure that Information Security materials included in the Loyola 101 information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
Information Provided via New Faculty Orientation - The UISO will work with Faculty Administration on a yearly basis to ensure that Information Security materials included in the New Faculty Orientation information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
PCI Compliance Awareness – The UISO will work with appropriate constituent groups to identify appropriate personnel and their role in PCI compliance and will ensure that all affected personnel attend awareness training upon hire and at least annually thereafter. Additionally, on an annual basis, all personnel are required to acknowledge that they have read and that they understand the information security policy.
Video Awareness Training – The UISO will work with appropriate constituent groups to identify appropriate personnel and their roles (PCI-DSS, PII, Data Steward, HIPAA, and General Staff) and will ensure that all personnel attend appropriate awareness training upon hire and at least annually thereafter. The training consists of a series of videos followed by a brief quiz. Training is delivered via Loyola’s on line LMS or another approved online method.
Information Provided via Discover Loyola - The UISO will work with Residence Life on a yearly basis to ensure that Information Security materials included in Discover Loyola information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.
Exceptions:
Exceptions to this policy will be handled in accordance with the ITS Security Policy.
References:
History:
- October 2014: V 1.0, Added PCI Requirements
- June 23, 2015: V 1.1, Annual Review for PCI Compliance
- July 20, 2015: V 1.2, Added section for video awareness sessions
- June 20, 2016: V 1.2, Annual Review for PCI Compliance
- April 19, 2017: V 1.2, Annual Review for PCI Compliance
- July 19, 2017: V1.3, Added references for HIPAA
- Sep 6, 2018: V1.3, Annual Review for PCI Compliance
- Sep 24, 2019: V1.3, Annual Review for PCI Compliance