State IT Policy IT-15 (Security Awareness and Training) mandates that agencies put system users, be they employees, contractors, temporary personnel or other agents of the state, through annual security awareness training. The Office of Information Security and Privacy is charged with making a solution for such training available to the agencies. Agency personnel who believe they may not have received such training should reach out to their agency's security point of contact. Agency administrators and security points of contacts seeking more information about this program should contact the Office of Information Security and Privacy.
In addition to basic IT security awareness training, agencies are encouraged to provide role-based security training that focuses on the unique responsibilities for protecting State assets that are inherent in particular job functions. Certain roles may require more targeted training, such as business managers, senior executives, information owners, application developers, systems administrators, database administrators and desktop support.
The resources below are intended to help agencies meet the requirements for ongoing user education. They can be used and customized by agencies for use in awareness e-mails, presentations, and posting in public areas.
MS-ISAC Security Awareness Posters: