Educause Security Discussion mailing list archives
Re: Security language in all IT job descriptions
From: Dan Oachs <doachs () GAC EDU>
Date: Wed, 7 Nov 2018 10:11:16 -0600
I'd argue that what you are proposing should be included in pretty much any job description. We don't have anything like this in place, but we are trying to make an effort to educate all employees that information security is EVERYONE's responsibility. What you are suggesting sounds like a good step in the right direction.
--Dan Oachs On 11/6/18 11:34 AM, Andrea Childress wrote:
Hello all,Does anyone have any language in IT (or all employee) job descriptions that requires information security responsibility? We want to add some language to hold people accountable in job descriptions that translate into performance evaluation elements.If you do, is it the same language for all job descriptions or do you have separate language by job type i.e. system admins are required to patch servers?We are discussing ideas such as: High degree of confidentiality and integrity Coordinate and take direction from security standards Use security approved tools and resources Follow onboarding process for new services and projects Communicate and report security incidents and issues to management Thanks in advance, Andrea Andrea Childress Executive Director UNK Information Technology Services Governance, Risk, and Compliance Cybersecurity and Identity | ITS | 114 Otto Olsen, 68849 University of Nebraska | nebraska.edu Kearney | Lincoln | Omaha 308-865-8789
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Security language in all IT job descriptions Andrea Childress (Nov 06)
- Re: Security language in all IT job descriptions Kevin Wilcox (Nov 06)
- Re: Security language in all IT job descriptions John Virden (Nov 06)
- Re: Security language in all IT job descriptions Dan Oachs (Nov 07)