Last modified: marzo 14, 2025
Policy No. 4204 Employee Security Awareness Training Procedure
Visión general
The most effective way to ensure that PCSD employees do not make costly errors regarding information security is to implement district-wide security-awareness training initiatives. These initiatives include, but are not limited to:
- Instructor-led training sessions
- Mandatory yearly SafeSchools customized training for all employees
- Additional required SafeSchools training for employees with access to sensitive information
Available tools include a security awareness website, helpful hints via email, Tech Talk publications, posters, and promotions.
Propósito
These methods help ensure employees have a solid understanding of PCSD’s security policies, procedures, and best practices. Employees shall also have a basic understanding of the following security-related topics:
- Social engineering tactics
- Email and messaging security
- Safe internet browsing
- Social networking threats
- Mobile device security
- Password best practices
- Data classification
- Data transmission and encryption
- Data destruction
- Wi-Fi security
- Working remotely
- Insider threats from students and staff
- Physical security issues
- Protecting personal and work computers
- Copyright infringements
- Malware and virus protection
- Sharing files with local and state entities
- Workspace security
Alcance
All PCSD employees shall receive security-specific training annually.
Procedimiento
Types of Training Implemented
- Instructor-led training – As needed.
- SafeSchools training videos and certificates
- Basic security video training to be completed yearly by all employees.
- Additional, more in-depth training required for users with access to P.I.I.
- Completion of training to be monitored by Human Resources (HR).
- Security Awareness Website
- General information
- Video resources
- Links to policies and procedures
- Links to additional security-related resources
- Consejos útiles
- Notifications will be sent when there is a significant security risk or threat.
- Continued distribution of Tech Talk newsletters regarding information security.
- Utilization of additional means necessary to inform employees of security information and training opportunities.
Last Update Status:
Updated January 2015
Related Policies and Procedures
- 4204 Uso aceptable
- 4204 Auditoría
- 4204 Escritorio limpio
- 4204 Plan de recuperación en caso de catástrofe
- 4204 Correo electrónico
- 4204 Formación para la concienciación sobre seguridad de los empleados
- Cifrado 4204
- 4204 Contraseña
- 4204 Acceso remoto
- 4204 Seguridad de routers y conmutadores
- 4204 Seguridad para puestos de trabajo sensibles
- 4204 Plan de respuesta de seguridad
- 4204 Seguridad del servidor
- 4204 Instalación del software
- 4204 Seguridad de los servicios del sitio web
- 4204 Comunicación de dispositivos inalámbricos
- 4204 Comunicación de infraestructuras inalámbricas