|
This is the training policy page. If you are looking for training courses, go here>>>
In keeping with the policy that Line Management Owns Security, employees and supervisors are required to evaluate the training and knowledge requirements for the tasks they have been assigned.
The CPP has established Minimum Training Requirements for several categories of individuals. Like the Minimum Security Policies, these policies set the minimum threshold for appropriate training - you and your line management are responsible for identifying any necessary additional training you need to do your work in a secure manner.
Annual Computer / Cyber Security Refresher: SEC 0201 SEC0201
Type: Online, Location: http://lbl.gov/cyber/training/
Requirement: All Computer Using Employees
Recommended: All Computer Using Participating Guests
Authoritative Training Record: JHQ/Training Database
Waiver Policy: Employees who do not have an LDAP account and do not ever use LBNL networks or computers (this includes all LBNL networks includuding those at Potter Street and at UCB locations served by LBNL systems) may receive a waiver. You division safety coordinator can request the waiver by emailing cppm@lbl.gov . Please group these requests together to minimize processing if you have multiple requests.
Privacy and HIPAA Training : SEC 0220 SEC0220
Type: Online, Location: http://www.lbl.gov/cyber/training
Requirement: Beginning in 08, all employees in HR and employees in IT and CFO who handle or have access to PII.
Recommended: Business Managers, Travel Administrators, Others
Authoritative Training Record: JHQ/Training Database
Waiver Policy: There are no waivers for this course. However, it may be credited from in person training with permission of the Privacy coordinator.
LBNL Cyber Security Training Policy
In keeping with the policy that Line Management Owns Security, employees and supervisors are required to evaluate the training and knowledge requirements for the tasks they have been assigned.
The CPP has established Minimum Training Requirements for several categories of individuals. Like the Minimum Security Policies, these policies set the minimum threshold for appropriate training - you and your line management are responsible for identifying any necessary additional training you need to do your work in a secure manner.
CPP reviews, as necessary but at least annually, the content of required training courses. The CPPM approves the training content and scope for the Laboratory. Training requirements are implemented via the JHQ/Training system which creates a de facto applicability policy. The JHQ/Training system provides management reporting and individual tracking.
Responsibilities:
| Senior Management / CIO |
Demonstrate labwide committment to training.
|
| CPP |
Identify minimum training and awareness requirements, develop curriculum, implement through institutional training systems, improve curriculum and requirements to adjust to changing threat models, risks, and identified deficiencies. Manage an awareness program for ongoing awareness of cyber security issues including ongoing reminders, websites, communications, etc.
|
| CPPM |
Approve training requirements and curriculum.
|
| EHS |
Maintain institutional training system.
|
| DIR/PIO |
Manage labwide LBNL communications such as TABL and View.
|
| Division Safety Coordinators and Liaisons |
Track overall division traininng performance and notification. Issue waivers per Division and LBNL policy.
|
| Computer Protection Implementation Committee Mebmers/Liaisions |
Work with DSCs and CPP to assist divisions with meeting training requirements.
|
| Enclave owners |
Identify any enclave-specific mandatory training requirements.
|
| Managers |
Supervise training requirments for reports, for both institutionally required and additional training.
|
| Employees |
Take training, identify additional job-specific requirements for further training. Provide feedback to CPP on opportunities for training and awareness improvement.
|
|
