The NCSA Security Office requires all staff to review and acknowledge the NCSA Information Security Policy upon hire and annually, thereafter. The Security Office also makes general security training available to all staff annually as a part of the NCSA Leadership Development program. This training is designed to communicate important security policies and good security hygiene practices. Information regarding important security vulnerabilities are also disseminated to system administrators and other equipment operators at NCSA. University staff within the NCSA Health Care Component are required to take training provided by the University regarding electronic personal health information (ePhi) within 2 weeks of becoming a part of the component.

Channels for dissemination change, but some current ones are:

• The CyberSecurity Division blog
• The Security Office vulnerability blog
• The NCSA Bytes & Pieces staff newsletter
• The CyberSecurity Division Twitter stream
• All staff emails for urgent communication
• Automated reminders to acknowledge the NCSA Information Security Policy