Loyola University Chicago

- Navigation -

Loyola University Chicago

Information Technology Services

Security Awareness Policy

REVIEW

SCOPE:

This policy outlines how Information Security awareness materials will be provided to the Loyola community.


PURPOSE:

To ensure that all members of the Loyola community are exposed to Information Security awareness materials, and that they have some level of understanding of those materials.  This policy is required by regulations applicable to the University.


POLICY:

Methods of Delivery

Information Security awareness may be delivered through multiple methods. These methods may include, but are not limited to:

Information Security Website - The University Information Security Office (UISO) will maintain a website at www.luc.edu/uiso providing information about Information Security concepts, best practices, advisories and relevant security articles. The website will be updated monthly at a minimum.

Information Provided via Inside Loyola - The UISO will work with University Marketing and Communications (UMC) to send out relevant security messages to the community via Inside Loyola.

Information Provided via Mass Email to the Loyola Community – The UISO will work with UMC to send out high priority messages to the Loyola community via mass email distribution.

Information Security Awareness Training Sessions - The Information Security team will provide Information Security awareness sessions as requested by departments.

Information Provided via Loyola 101 Sessions - The UISO will meet with Human Resources on a yearly basis to ensure that Information Security materials included in the Loyola 101 information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.

Information Provided via New Faculty Orientation - The UISO will work with Faculty Administration on a yearly basis to ensure that Information Security materials included in the New Faculty Orientation information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.

PCI Compliance Awareness – The UISO will work with appropriate constituent groups to identify appropriate personnel and their role in PCI compliance and will ensure that all affected personnel attend awareness training upon hire and at least annually thereafter.  Additionally, on an annual basis, all personnel are required to acknowledge that they have read and that they understand the information security policy.

Video Awareness Training – The UISO will work with appropriate constituent groups to identify appropriate personnel and their roles (PCI-DSS, PII, Data Steward, and General Staff) and will ensure that all personnel attend appropriate awareness training upon hire and at least annually thereafter.  The training consists of a series of videos followed by a brief quiz.  Training is delivered via Loyola’s on line LMS.

Information Provided via Discover Loyola - The UISO will work with Residence Life on a yearly basis to ensure that Information Security materials included in Discover Loyola information sessions are current and appropriate. The UISO will be available to assist in providing this information as required.


EXCEPTIONS:

Exceptions to this policy will be handled in accordance with the ITS Security Policy.

APPENDIX:

Documents Referenced

ITS Security Policy

HISTORY:

October 2014 – Added PCI Requirements

June 23, 2015 – Annual Review for PCI Compliance

July 20, 2015 – Added section for video awareness sessions

Loyola

Information Technology Services
1032 W. Sheridan Ave. · Chicago, IL 60660 · 773.508-4ITS

InfoServices@luc.edu

Notice of Non-discriminatory Policy