Security awareness training

We can’t depend on technical solutions alone to secure our systems and valuable data. People are still the first line of defence against malicious attacks. That's why information security awareness training is compulsory for all University staff and highly recommended for all students. 

Requirements

In order to ensure a high level of information security awareness among staff and students, heads of departments, divisions, and faculty board chairs need to:

  1. Encourage all staff to take the compulsory information security awareness training. It is recommended that students are also encouraged to complete the training, to ensure they fully understand information security and come to view it as an integral part of their day-to-day study and work life
  2. Include information security awareness training in your divisional, departmental or faculty processes for new joiners
  3. Keep an up-to-date record of who has completed information security awareness training
  4. Repeat information security awareness training for staff on an annual basis
How to comply

Information security training empowers individuals to make better decisions, not only in how to recognise and respond to potential cyber-attacks, but also to be sure they aren’t inadvertently putting data at risk in their day-to-day work.

Online training

To support you in educating staff in your division, department or faculty, the University offers an online information security awareness module which provides a combination of information, case studies and links to additional resources relating to information security.

The University's security awareness training course is mandatory for all staff. Ensuring that your staff have completed this will satisfy the security awareness training requirements of the Information Security Policy. The Information Security team can provide you with monthly reports on the completion of the module within your division, department or faculty.

Other training

If you choose to deliver your own information security awareness training or engage a third party to do so on your behalf, this must be equivalent in content to that of the University's online module. If this applies to your division, department or faculty, please discuss this with the Information Security team.

What we offer:

The Information Security team can draw on its broad expertise to provide training and awareness tailored to your needs. This could be a general security awareness presentation to your whole team, or a more detailed one-to-one session to address a specific situation. Information security training is the cornerstone of a balanced programme of protective measures.

Benefits for you:

  • Help people recognise and respond to potential cyber-attacks, phishing and social engineering attempts
  • Protect our staff and students by ensuring teams have up-to-date knowledge about how to handle personal data
  • Reduce the number of security incidents by sharing best practices
  • Help embed information security in day-to-day activities

The service is available to all parts of the collegiate University. The service includes:

  • Assistance with determining the level of risk based on the nature and volume of the data involved
  • Assessing the security controls and contractual arrangements of the supplier to determine if they are fit for purpose
  • Providing advice, assistance and support when dealing with supplier queries and negotiations
  • Making recommendations to help you decide whether the supplier’s security is sufficiently mature

 

Policy

It is University policy that:

  • All staff must complete information security awareness training