Security Awareness Training
Last updated 2/5/2016
The purpose of this policy is to ensure that any user who has access to Massachusetts Maritime Academy’s (MMA) information technology-based resources has an understanding of MMA’s applicable information security policies and a proven understanding of security awareness.
This policy applies to all faculty and staff who have access to MMA’s information technology-based resources.
Individuals must understand the risks in using today’s technology and how to effectively defend against today’s cyber threats, both at work and at home. The primary purpose of an effective information security training and awareness program is to establish and sustain an appropriate level of protection for data and technology resources by increasing users’ awareness of their information security responsibilities. Specific objectives of this program include:
- Improving awareness of the need to protect information resources;
- Ensuring that users clearly understand their responsibilities for protecting information resources;
- Ensuring that users are knowledgeable about the Academy’s information security policies and practices and develop skills and knowledge so they can perform their jobs securely;
- Maintaining compliance with MA 201-CMR 17, Section 2B.01.
All users will be required to complete security awareness training and training with respect to MMA’s information security policies upon hire and subsequently at least annually. MMA will maintain records, as it deems appropriate, that confirm a user has received training. Training may be delivered in person or online.
In addition to annual training, reinforcement training delivered through newsletters, email messages, digital signage, posters, webcasts and other means will be used on campus. The Security Training and Awareness program will also include unscheduled awareness assessments to ensure compliance with the training.
Any person who does not complete their mandatory security awareness training by the designated date may be subject to disciplinary action, up to and including loss of access rights or termination of employment from the Academy.
In conjunction with Human Resources, the Infrastructure Technology department will develop and facilitate the Security Training and Awareness program, ensure all staff receive the appropriate security training associated with their responsibilities, and maintain records of training received.
This policy is owned by the Vice President of Technology and Library Services, who will coordinate any and all revisions.
| Framework | Regulations and Requirements | Supporting Standards and Procedures |
|---|---|---|
| SANS Top 20 Controls | PCI DSS - MA 201 - HIPAA | |
| CSC 9-2, 9-3, 9-4 | MA 201-CMR 17, Section 2B.01 | |
This section contains comments on any revisions that were made to this document and the date they were made.
| Version Number | Issued Date | Changes Made By | Description of Changes |
|---|---|---|---|
| 1.0 | 1/12/2016 | Compass ITC | Initial Draft |
| 2.0 | 1/22/2016 | Anne Marie Fallon | Added SANS framework, changed Responsibility section, additions made to Policy section. |
| 2.0 | 2/5/2016 | Anne Marie Fallon | Incorporated edits from other staff. Published this policy. |