Article 45 – Information Security
49020.7.3.1 Security Awareness Training within CDCR
-
All persons who have access to any CDCRCalifornia Department of Corrections and Rehabilitation information shall be provided security awareness training at the time such access begins and at minimum annually thereafter. The Information Security Coordinators shall ensure that security awareness training is provided prior to the employees’ self-certification of their awareness of CDCRCalifornia Department of Corrections and Rehabilitation’s information security policies, and the renewal of access privileges to CDCRCalifornia Department of Corrections and Rehabilitation information resources.
-
Security awareness training falls into the following two categories:
-
Information Security
-
All individuals having access to CDCRCalifornia Department of Corrections and Rehabilitation information shall be made aware of the background, scope, and objectives of CDCRCalifornia Department of Corrections and Rehabilitation’s information security program and of specific CDCRCalifornia Department of Corrections and Rehabilitation information security policies and procedures that are applicable to the level and type of access granted to the individual. The minimum training shall consist of completion of the departmental computer-based training module.
-
-
Incident Reporting
-
All CDCRCalifornia Department of Corrections and Rehabilitation employees shall also be made aware of the events and activities that constitute threats to the organization for which they work and of the actions to be taken when confronted by those events or activities (see DOMDepartment Operations Manual § 49020.12).
-
-