Last modified: mars 14, 2025
Policy No. 4204 Employee Security Awareness Training Procedure
Vue d'ensemble
The most effective way to ensure that PCSD employees do not make costly errors regarding information security is to implement district-wide security-awareness training initiatives. These initiatives include, but are not limited to:
- Instructor-led training sessions
- Mandatory yearly SafeSchools customized training for all employees
- Additional required SafeSchools training for employees with access to sensitive information
Available tools include a security awareness website, helpful hints via email, Tech Talk publications, posters, and promotions.
Objectif
These methods help ensure employees have a solid understanding of PCSD’s security policies, procedures, and best practices. Employees shall also have a basic understanding of the following security-related topics:
- Social engineering tactics
- Email and messaging security
- Safe internet browsing
- Social networking threats
- Mobile device security
- Password best practices
- Data classification
- Data transmission and encryption
- Data destruction
- Wi-Fi security
- Working remotely
- Insider threats from students and staff
- Physical security issues
- Protecting personal and work computers
- Copyright infringements
- Malware and virus protection
- Sharing files with local and state entities
- Workspace security
Champ d'application
All PCSD employees shall receive security-specific training annually.
Procédure
Types of Training Implemented
- Instructor-led training – As needed.
- SafeSchools training videos and certificates
- Basic security video training to be completed yearly by all employees.
- Additional, more in-depth training required for users with access to P.I.I.
- Completion of training to be monitored by Human Resources (HR).
- Security Awareness Website
- General information
- Video resources
- Links to policies and procedures
- Links to additional security-related resources
- Conseils utiles
- Notifications will be sent when there is a significant security risk or threat.
- Continued distribution of Tech Talk newsletters regarding information security.
- Utilization of additional means necessary to inform employees of security information and training opportunities.
Last Update Status:
Updated January 2015
Related Policies and Procedures
- 4204 Utilisation acceptable
- 4204 Audit
- 4204 Bureau propre
- 4204 Plan de reprise après sinistre
- 4204 Courriel
- 4204 Formation des employés à la sensibilisation à la sécurité
- 4204 Chiffrement
- 4204 Mot de passe
- 4204 Accès à distance
- 4204 Sécurité des routeurs et des commutateurs
- 4204 Sécurité des postes de travail sensibles
- 4204 Plan d'intervention de sécurité
- 4204 Sécurité du serveur
- 4204 Installation du logiciel
- 4204 Services de sécurité des sites web
- 4204 Communication entre dispositifs sans fil
- 4204 Communication d'infrastructure sans fil