The purpose of this policy is to identify the conditions necessary to provide information technology system users with appropriate awareness of system security requirements and of their responsibilities to protect information technology resources and systems.
IT system users in this context means faculty, retired faculty, staff, Longwood University Foundation employees, retired staff, student workers and any other individuals approved for access by the Chief Information Officer.
Training requirements: At a minimum, basic security awareness training topics will include malicious code protection, proper disposal of data storage media, proper use of encryption products, password management, intellectual property rights, including software licensing and copyright issues and other concepts as required. IT system users will be required to document acceptance of security policies after receiving security awareness training.
Additional security training may be required based on Longwood-specific or role-specific security training requirements.
Attendance and monitoring: Documentation is required for all IT security training. Training must be completed within 30 days of: (1) access being granted to IT resources and systems or (2) the assignment of role-specific security responsibilities.
Security awareness training is required at least annually or more often as necessary.
The Information Security Policy, Awareness and Training Coordinator is responsible for monitoring receipt of IT security training.
The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of information technology (IT) resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.
Approved by the Board of Visitors, December 7, 2007.
Revised and approved by the Board of Visitors, March 26, 2010.