Home

About the ISPO

Incidents

Services

Resources

Awareness and Education

University IT Policy


IT Compliance

There are many legal and regulatory reasons for policies and compliance controls, and why they should be applied. The bottom line is that having them is good business sense. They help avoid potentially costly, legal, punitive and embarrassing situations. In addition to serving as a resource, staff could use these to become better effective contributors in project settings and better understand how to secure their own systems and services.

The vast majority of compromised systems are usually as a result of a user falling for some form of cleverly worded social engineering trick. These ploys get users to give out personal information such as their HawkID and pass phrase, which allow criminals unfettered access to all of the systems and services their accounts have access to. Manipulation attacks could likewise entice users to click a link that brings them to an infected website. Malware that infecting systems this way, usually hook in and take hold via vulnerabilities from the unpatched or out of date system.

We have all heard the saying that there is strength in numbers. Without team effort, many projects and processes fail. A team only succeeds when all of the members understand the team goals, individual roles and how each person’s performance and commitment contribute to achieving the goals of the group.

Individuals should be encouraged to toughen and tighten up as much of their personal environment as they can, with the idea that if each team member does so; the result is an overall almost impermeable barrier to attack. Compliance is everyone’s responsibility. For more information on what you can do visit: http://learnaboutsecurity.uiowa.edu/compliance.shtml.

Compliance Training

Security Awareness your key to a secure IT experience

To help combat computer threats on the Internet, the University Information Security and Policy Office maintains IT security awareness education materials, to convey important computer security principles. Feedback received from previous years has enabled us to improve the online course to address these needs, and allow computer users to acquaint themselves with their roles and responsibilities in protecting university data and assets.

We recommend that all faculty, staff, and applicable student staff complete security awareness training. This course meets the requirement of various regulations that require security training (for persons with access to sensitive information), and takes on average only 30 - 60 minutes to complete.

You are invited to enroll and complete the course, located in Employee Self-Service “My Training” listed under ICON courses.  Step by step instructions for enrolling are listed below.

To register for the course:

To return to the course:


Please Note: The course will only show as completed in your HR-Self Service records if the ICON quiz is passed with an 80% or greater proficiency.

Additional training modules available through HR-Self Service are:

Digital Media Disposal Training (see available Sessions & Series in HR - Self Service)
FERPA Training (see available ICON Courses in HR - Self Service)
HIPAA Privacy Training(see available ICON Courses in HR - Self Service)

If you experience any difficulty and need assistance please contact the Information Security and Policy Office at 335-6332 or e-mail: it-security@uiowa.edu

External Non-UI IT Security related online courses:

TEEX (Texas A&M Engineering Extension Service) Domestic Preparedness Campus
http://www.teexwmdcampus.com/public_catalog.cfm
First time users will need to register. At the link above they would need to click New User. Fill out information that applies to them, leaving out the rest (i.e. military/federal government). Once uses register they access the course with the user ID and password they created upon registering.