Security Awareness Training

The Cal Maritime's Information Security Program provides direction for managing and protecting the confidentiality, integrity and availability of Cal Maritime information assets. In accordance with the California State University's Information Security Policy 8035, this Information Security Program contains administrative, technical and physical safeguards to protect campus information assets. Unauthorized modification, deletion or disclosure of information assets can compromise the mission of Cal Maritime, violate individual privacy rights and possibly constitute a criminal act.

The intent of the Information Security Program is to:

  • Document roles and responsibilities.
  • Provide for the confidentiality, integrity and availability of information, regardless of the medium in which the information asset is held or transmitted (e.g., paper or electronic)
  • Document risk management strategies to identify and mitigate threats and vulnerabilities to level 1 and level 2 information assets as defined in the Cal Maritime  Data Classification and Handling Standard
  • Document incident response strategies
  • Document strategies for ongoing security awareness and training
  • Comply with applicable laws, regulations, Cal Maritime and CSU policies
  • It is the collective responsibility of all users to ensure:
    • Confidentiality of information which Cal Maritime must protect from unauthorized access
    • Integrity and availability of information stored on or processed by Cal Maritime information systems.
    • Compliance with applicable laws, regulations, CSU policies and Cal Maritime  policies governing information security and privacy protection.

The Cal Maritime Information Security Program and security standards are not intended to prevent, prohibit or inhibit the sanctioned use of information assets as required to meet Cal Maritime's core mission and campus academic and administrative goals

Information Security Awareness Training will be assigned annually to all Cal Maritime staff, faculty, administrators, consultants, auxiliary employees, and student assistants, on the assumption that any of them may come into contact with sensitive data in the course of their work.

Employees must complete the assigned training within two months of its assignment. The training will automatically be reassigned one year after completion.