All-Employee Security Awareness
Mandatory All-Employee Security Awareness Program
All UA employees, student workers and DCCs with access to University Information Resources are required to complete annual security awareness training. To fulfill this requirement, the Information Security Office, with help from the campus community, has developed user-friendly online modules to ensure that all employees can easily participate in and complete the security awareness program. The program has been designed to not only inform employees of their responsibilities as members of the UA community, but to also assist them in securing their information at home.
Security Awareness Training Links
- Completion Instructions: Employees and DCCs have already been enrolled in training. Please review the completion instructions.
- Information Security Awareness Training Policy
- For questions or concerns regarding whether or not you need to complete training, please contact the Information Security Office.
- For technical support, please contact the 24/7 IT Support Center.
Frequently Asked Questions (FAQs)
This training is mandatory for all UA employees, student workers, and DCCs with access to University Information Resources, including:
- Networks and network appliances
- Computers (servers, workstations and laptops)
- Software and applications
- Thumb drives, hard copies of documents, etc.
- Any other computer‐related equipment, device or hardware used to access, store, transmit or interface with another university resource
Yes, this training should completed as part of new employees' onboarding processes.
The University's Information Security Awareness Training Policy contains the following requirement:
- All University employees (including student employees) and Designated Campus Colleagues (DCCs) must complete security awareness training within the first 30 days from date of hire. Information Security Refresher Training must be completed annually, within 60 days of the anniversary of the previous instance of such training.
ISO is authorized to limit network access for individuals or Units not in compliance with information security policies (including this one) and related procedures. In cases where University resources are actively threatened, the CISO shall act in the best interest of the University by securing the resources in a manner consistent with the Information Security Incident Response Plan. In an urgent situation requiring immediate action, the CISO is authorized to disconnect affected individuals or Units from the network. In cases of noncompliance with this policy, the University may apply appropriate employee sanctions or administrative actions, in accordance with relevant administrative, academic, and employment policies.
If you have any issues, comments or concerns please contact the 24/7 IT Support Center at 520-626-8324.