Workforce Manager
As someone who manages other UC personnel, you set the tone for embedding cybersecurity practices into the day-to-day work of your teams. Your checklist includes the following steps:
- Set an example. Practice basic cyber hygiene.
- Factor cybersecurity duties into job descriptions. Embed cybersecurity into your recruiting practices and hiring decisions. Update job descriptions periodically and make sure information security duties are clear.
- Keep up with training. Ensure your team completes training required for their positions. UC offers many excellent training resources. Everyone must complete a basic cybersecurity awareness training module. Make sure your technical staff has access to the resources it needs to complete security duties.
- Review access rights annually. Follow the principle of least access privilege to ensure people only have access to the minimum applications needed to do their jobs. Remember to remove access as needed when employees leave or change roles.
- Take a risk-based approach to decision-making. For example, when reviewing access rights, consider the risks of exposing more people than absolutely necessary to the information contained in the application. Then act accordingly to ensure the right levels of protections are in place.
- Separate duties when designing job duties so that requestor, approver and implementer are separated. This is a critical step in reducing the risk of malicious activity with collusion.
- Promptly address reported, suspected or actual security violations. Any events involving Institutional Information classified Level 3 or above must be reported to the Chief Information Security Officer (CISO). Click here for more information about Protection Levels and Availability Levels.
- Know the location of Institutional Information and IT Resources. Make sure you’re aware of the physical and virtual location of Institutional Information and IT Resources. As a Workforce Manager, you should know about and approve of storage and work locations involving UC assets.
For a comprehensive list of cybersecurity tasks before, during and after employment of your team members, read Section III, Subsection 7 of UC’s Information Security Policy.