Information Security Awareness

University of Louisville Information Security Awareness Program

Information Security Awareness is an important goal in today's environment. Phishing, identify theft, regulations, malicious software, etc. all impact the way we use and control computing systems and electronic data.  Raising the level of security awareness across campus is the goal of the Information Security Awareness Program.  A message communicated in a variety of venues is more likely to make a lasting impression.

The program started with these goals:

• Identify current Information Security awareness efforts
• Assess these efforts for adequacy or need for improvement
• Examine current efforts and determine additional efforts that are needed
• Document and define additional efforts
• Obtain administration support
• Prioritize and proceed

The following current efforts are being maintained and/or improved:

• General Communications
• Brochures, Posters, Signs
• E-Mail: University wide or other high distribution
• Newsletters
• UofL Today
• Web Sites
• Tier (Technical) Communications
• Tier Advisory Group (TAG) Communications
• Tier One Meetings
• Tier Talk
• Student Awareness
• Student Orientation Materials
• Student E-Mail (Net-Mail news and global log-in messages)
  
  Newer additions to current efforts
• Faculty and Staff Orientation (Phase 1)
  A new set of slides has been incorporated into HR orientation giving an overview of Information Security and Technology policies and responsibilities and pointing to University Web Sites for more information. Phase 2 will concentrate on developing basic on-line Information Security Awareness training for all UofL faculty, staff and students.
• Annual Cyber-Security Awareness Week and "Grill the ISO" Cook-outs
  Targeted to all students, faculty and staff.  A week has been devoted to heightening Cyber-Security awareness through-out campus. Events include cook-outs, lectures, computer security scans, lectures, vendor participation, etc. See this page for more information.
• Fundamentals of HIPAA Security On-line Training
  HIPAA Security Rule focused information security training for all faculty, staff and most students within the UofL Hybrid Covered Entity. This training may be modified when the new basic on-line Information Security Awareness training is on-line and available.  See this page for more information.
• Information Security Design Theme Contest
  In the Fall of 2005, the Information Security Office announced a design contest in order to come up with unifying design elements that could be used on Information Security "Office communications. The "InfoSec" design at the top of this page is an example. For more information, including other designs and contact information for the designers, please see this page.

Primary "new" focus for 2006 is in these areas:

• Faculty and Staff Orientation (Phase 2)
  Develop and implement basic on-line Information Security Awareness training for all UofL faculty and staff
• Student Orientation
  Develop and implement basic on-line Information Security Awareness training for all UofL students. Basic information security training will probably be a common body of knowledge for faculty, staff and students.
• Publication of New/Revised Policies and Standards
  Extremely important as legal and regulatory requirements increase. These are foundational to the information security awareness program, compliance program and education activities.
• Information Security Policies and Standards Education Program
  Once initial new/revised policies and standards are official and approved, start periodic "live" Information Security Policy and Standards training seminars.