Re: Security language in all IT job descriptions

[Dan Oachs <doachs () GAC EDU>]

I'd argue that what you are proposing should be included in pretty much 
any job description.  We don't have anything like this in place, but we 
are trying to make an effort to educate all employees that information 
security is EVERYONE's responsibility. What you are suggesting sounds 
like a good step in the right direction.


--Dan Oachs


On 11/6/18 11:34 AM, Andrea Childress wrote:
> Hello all,
>
> Does anyone have any language in IT (or all employee) job descriptions 
> that requires information security responsibility? We want to add some 
> language to hold people accountable in job descriptions that translate 
> into performance evaluation elements.
>
> If you do, is it the same language for all job descriptions or do you 
> have separate language by job type i.e. system admins are required to 
> patch servers?
>
> We are discussing ideas such as:
>
> High degree of confidentiality and integrity
>
> Coordinate and take direction from security standards
>
> Use security approved tools and resources
>
> Follow onboarding process for new services and projects
>
> Communicate and report security incidents and issues to management
>
> Thanks in advance,
>
> Andrea
>
> Andrea Childress
>
> Executive Director
>
> UNK Information Technology Services
>
> Governance, Risk, and Compliance
>
> Cybersecurity and Identity | ITS |
>
> 114 Otto Olsen, 68849
>
> University of Nebraska | nebraska.edu
>
> Kearney | Lincoln | Omaha
>
> 308-865-8789

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature