The NCSA Security Office requires all staff to review and acknowledge the NCSA Information Security Policy upon hire and annually thereafter. The Security Office also makes general security training available to all staff at least twice annually. This training is designed to communicate important security policies and good security hygiene practices, often discussing the latest threats (e.g., malware, attack techniques), security tools, and best practices. The training is advertised within NCSA's staff newsletter and CSD's official blog (see links below). Documentation of staff attendance is required.
Information regarding important security vulnerabilities is also disseminated to system administrators and other equipment operators at NCSA. University staff within the NCSA Health Care Component are required to take training provided by the University regarding electronic Protected Health Information (ePHI) before being granted access to systems with ePHI. University staff within the group with ACHE access who are involved with CUI are required to take training provided by the University before being granted access to systems with CUI.
Channels for dissemination change, but some current ones are:
- The CyberSecurity Division Wiki blog
- The NCSA Bytes & Pieces staff newsletter
- The #security-discussion channel in NCSA Slack
- The NCSA Security Services blog
- All-staff emails for urgent communication
- Automated reminders to acknowledge the NCSA Information Security Policy
In addition to NCSA's own Security Awareness Program, the University of Illinois offers Security Awareness Training to all U of I staff, including NCSA staff, students, etc. Details of the training are available here: https://cybersecurity.uillinois.edu/Training and the training course can be accessed here: https://go.illinois.edu/securitytraining.