| Introduction - SharePoint
Security Training Policy |
Understanding the importance of SharePoint security, individual
responsibilities, and accountability for SharePoint security are paramount to
achieving organization security goals. This can be accomplished with a
combination of general SharePoint security awareness training and targeted,
product specific training. The philosophy of protection and specific security
instructions needs to be taught to, and re-enforced with, SharePoint users. The
SharePoint security awareness and training information needs to be continuously
upgraded and reinforced. . |
| Audience |
The [SharePoint
Portal Owning Organization] Security Training Policy applies
equally to all individuals that use any [SharePoint
Portal Owning Organization] Resources. |
| Purpose |
The purpose of the SharePoint Security Training Policy is
to describe the requirements to ensure each user of [SharePoint
Portal Owning Organization] SharePoint resources receives adequate training on SharePoint security issues. |
| SharePoint Security Training
Policy |
- All new SharePoint users must attend an approved SharePoint Security
Awareness training class prior to, or at least within 30 days of, being
granted access to any [SharePoint Portal Owning Organization] SharePoint
resources.
- All SharePoint users must sign an acknowledgement stating they have read
and understand [SharePoint Portal Owning Organization] requirements
regarding SharePoint security policies and procedures.
- All SharePoint users (employees, consultants, contractors, temporaries,
etc.) must be provided with sufficient training and supporting reference
materials to allow them to properly protect [SharePoint Portal Owning
Organization] SharePoint resources.
- [SharePoint Portal Owning Organization] security management must
prepare, maintain, and distribute one or more information security manuals
that concisely describe [SharePoint Portal Owning Organization] SharePoint
security policies and procedures.
- [SharePoint Portal Owning Organization] security management must develop
and maintain a communications process to be able to communicate new
SharePoint security program information, security bulletin information, and
security items of interest.
|
| SharePoint Security Training
Policy Supporting Information |
- SharePoint Security awareness by [SharePoint Portal Owning Organization]
personnel must be continually emphasized, reinforced, updated and validated.
- All [SharePoint Portal Owning Organization] SharePoint users are
responsible for managing their use of SharePoint and are accountable for
their actions relating to SharePoint security. Users are also equally
responsible for reporting any suspected or confirmed violations of this
policy to the appropriate management responsible for SharePoint security
incident handling.
|
| Disciplinary Actions |
Violation of this policy may result in disciplinary action which may
include termination for employees and temporaries; a termination of
employment relations in the case of contractors or consultants;
dismissal for interns and volunteers; or suspension or expulsion in the
case of a student. Additionally, individuals are subject to loss of [SharePoint
Portal Owning Organization] SharePoint access privileges, civil, and
criminal prosecution. |
| Compliance / Regulation
Contributed to by this Policy |
- Copyright Act of 1976
- Foreign Corrupt Practices Act of 1977
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
|
Site 
Home 
About ARB
Blog 
SharePoint Dev Center 
Security Labs 
Contact
