Security awareness training

We can’t depend on technical solutions alone to secure our systems and valuable data. People are still the first line of defence against malicious attacks. That's why information security awareness training is compulsory for all University staff. And it is your responsibility as a Head of Division, Head of Department or Faculty Board Chair to make it happen.

AT OXFORD

What we offer:

Information security training empowers individuals to make better decisions, not only in how to recognise and respond to potential cyber-attacks, but also to be sure they aren’t inadvertently putting data at risk in their day-to-day work.

The Information Security Team can draw on its broad expertise to provide training and awareness tailored to your needs. This could be a general security awareness presentation to your whole team, or a more detailed one-to-one session to address a specific situation. Information security training is the cornerstone of a balanced programme of protective measures.

Benefits for you:

  • Help people recognise and respond to potential cyber-attacks, phishing and social engineering attempts

  • Protect our staff and students by ensuring teams have up-to-date knowledge about how to handle personal data

  • Reduce the number of security incidents by sharing best practices

  • Help embed information security in day-to-day activities

How it works:

The service is available to all parts of the collegiate university. The service includes:
  • Assistance with determining the level of risk based on the nature and volume of the data involved
  • Assessing the security controls and contractual arrangements of the supplier to determine if they are fit for purpose
  • Providing advice, assistance and support when dealing with supplier queries and negotiations
  • Making recommendations to help you decide whether the supplier’s security is sufficiently mature

REQUIREMENTS

In order to ensure a high level of information security awareness among your staff, you need to:

  1. Arrange compulsory information security awareness training for staff within your division, department or faculty to ensure they fully understand information security and come to view it as an integral part of their day-to-day work
  2. Include information security awareness training in your divisional, departmental or faculty processes for new joiners
  3. Keep an up-to-date record of who has completed information security awareness training
  4. Repeat information security awareness training for staff on an annual basis

HOW TO COMPLY

Online training

To support you in educating staff in your division, department or faculty, the University offers an online information security awareness module which provides a combination of information, case studies and links to additional resources relating to information security.

This module is available to all University staff, and is already mandatory for staff within UAS. Ensuring that your staff have completed this will satisfy the security awareness training requirements of the Information Security Policy. The Information Security Team can provide you with monthly reports on the completion of the module within your division, department or faculty.

Other training

If you choose to deliver your own information security awareness training or engage a third party to do so on your behalf, this must be equivalent in content to that of the University's online module. If this applies to your division, department or faculty, please discuss this with the Information Security Team.

Where external requirements mandate specific training (such as NHS Information Governance training within Medical Sciences), this should be sufficient to satisfy the University's requirements. Again, if this applies to your division, department or faculty, please discuss this with the Information Security Team.

POLICY

It is University Policy that:

  • All staff must complete information security awareness training