Section 6: Training to Increase Security AwarenessAnchor: #i1054343
This section explains how TxDOT will increase attention to potential threats, enabling individual users of Agency information resources to avoid behavior that could put its information systems at risk. As part of the Security Awareness Policy, this information provides the parameters to establish an awareness and training program to boost the “Protect” objective of the Texas CyberSecurity Framework.Anchor: #i1022380
TxDOTsecurity awareness and training program provides:
- initial access to those who have a legitimate reason to be on the TxDOT network
- role-based, specific training for those who have elevated duties, privileges, and authority, including the individuals who manage, administer, operate, and design IT systems
- periodic updates and notification of evolving security practices.
Threat Awareness Program. TxDOT will implement a threat awareness program that includes cross-organization information sharing capability.Anchor: #i1022411
All individuals who use TxDOT information resources must complete the Security Awareness training within a reasonable time of receiving a unique identifier, commonly known as a user ID, and access to Agency resources. Additionally, the following roles have specific responsibilities:
Information Security Office. Office staff must collaborate with the Workforce Development staff to create and update
- baseline Security Awareness training programs for all individuals who access Agency information resources.
- intermediate Security Awareness training programs for Information Owners and Information Custodians, as defined in Chapter 1, Section 3.
- advanced Security Awareness training programs for publication specialists who are tasked with releasing information to the general public, regardless of the medium.
Both the Information Security and Workforce Development staff collaborate to deliver these training programs on a periodic basis.Anchor: #i1106267
Compliance and Standards
See the “Training Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Security Awareness Policy.