Policy 7230A - Department of Administration
3 Awareness & Training

Sections 3.1 and 3.2 constitute the State of Kansas’ Security Awareness and Operations Training Policy. This policy is accompanied by defined Security Awareness and Operations Training Mandatory Procedures and Baselines that are distributed in a companion document. For further insight, see ITEC Policy 7400.

Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
3. Awareness & Training
3.1. Security Awareness Training
3.1.1. Design and Develop an Awareness Training Program (2 sets) (1 set)
3.1.2. Provide Awareness Training (2 sets) (1 set)
3.2. Security Operations Training
3.2.1. Design and Develop an Operations Training Program (2 sets) (1 set)
3.2.2. Provide Operations Training (3 sets) (2 sets)

3.1 Security Awareness Training

The State of Kansas requires that Security Awareness Training be conducted for all internal users (including third parties working for or as state employees) of the State’s information systems. This training will address the purpose of IT security, the risks of failing to provide appropriate IT security as well as the manner in which information system users can uphold and enforce appropriate IT security.

Security awareness training ensures that users of the State’s information systems understand the security implications of their actions and increases the likelihood that information system security will not be breached, either intentionally or unintentionally, through technical measures (such as hacking) or non-technical measures (such as Social Engineering). Without such training, information system users have an increased likelihood of breaching security and have lower individual culpability should they breach security.

All employees of the State of Kansas are required to participate in security awareness training within 90 days of starting work and thereafter on an at least annual basis. Upon completion of security awareness training all employees will be required to sign a declaration that they have completed training, understand the purpose of the training and the specific procedures taught, and that they intend to abide by these security policies. That signed declaration shall be filed with the Human Resources department of the employee’s individual agency.

The security awareness training program and accompanying materials will be reviewed and, where required, updated on at least an annual basis. This work will ensure that the program and accompanying materials have the greatest level of on-going relevance with regard to the State of Kansas’ IT security requirements. This review will occur prior to annual security awareness training to ensure the training provided is always as current as possible.