Policies
Welcome to Farmingdale State College’s Policy Library. This library is the official repository for all institutional policies and procedures and is intended to be a resource for faculty, staff and students seeking information related to the policies that govern the institution. This library does not contain department-specific policies and procedures. Please contact the department for specific departmental policies and procedures.
Please direct all questions regarding policy content to the Responsible Office listed on the respective policy.
If you wish to propose or amend an institutional policy, please review the Policy for Developing Institutional Policies and complete the Policy Proposal Form.
For assistance with drafting and amending policies, please refer to the Policy Writing Guidance and/or contact the Risk and Compliance Office at 934-420-5365.
Cyber Security Awareness and Education Policy
Policy Purpose
Computer security is not just about keeping systems and networks secure. It is also about the people who use those systems and how their behaviors can lead to cyber exploitation. Proper training can reduce the number of people who do careless things that cause a security incident or breach.
Training and education must be ongoing due to the ever-increasing variety and sophistication of cyber threats. These include but are not limited to spam, phishing, spoofing, malware, and ransomware, which can result in identity theft, data corruption, loss of intellectual property, operational disruption, and damage to the reputation of the institution. By law, Farmingdale State College is liable for losses, fines and penalties caused by data breaches, on top of the internal costs for incident investigation and remediation. Moreover, loss of trust in the College’s ability to protect the personal information of stakeholders could result in reductions in donations, grant funding, and student enrollment.
Persons Affected
All employee user account holders
Policy Statement
In accordance with SUNY policy and the National Institute of Standards and Technology (NIST), all employee users will be required to complete regular training. In addition to annual training, College-wide awareness campaigns will be ongoing, via newsletters, video bulletin boards, and other means. The awareness and education program will include the following:
- Ongoing assessment of user compliance with cyber security standards
- Remedial training for those found not practicing good cybersecurity defenses
Training completion results will be maintained by the Director of Information Technology.
Procedures
- Training Program:
  - Prior to fall semester, the training system’s online training modules are reviewed and selected by the Director of Information Technology for the upcoming academic year.
  - The annual training is rolled out in October, which is Cyber Security Awareness Month.
  - Users are instructed by an automated email to take the designated annual training, which is securely accessed through a link via the Farmingdale IT webpage. Once this training is successfully completed, the user has fulfilled their annual training requirement, unless they click on a test phishing email.
  - Periodic simulated phishing emails are sent from the system to employees to gauge their skill level. Employees ‘clicking’ on links or opening attachments in the simulated phishing tests are assigned additional refresher training.
- Communications:
  - The Director of Information Technology informs the Executive Vice President via email about the upcoming rollout of the annual cyber security training program in advance of employee communications.
  - An email from the President or designee will be sent out informing employees about the cyber security training program and its upcoming launch prior to the annual rollout of Cyber Security Training.
  - A welcome message is sent from the Director of Information Technology informing each user that they have been enrolled in annual cyber security awareness training. This message is sent via an email originating from the training system. Existing users receive the welcome email when the annual training campaign starts in October.
  - New employees are required to complete cyber security awareness training within 30 days of account creation.
  - Information regarding cyber security is disseminated using newsletters throughout the academic year by the Director of Information Technology. The newsletter articles include updates, scam alerts, tips, thanks, reminders, and notifications of deadlines for completion of training and consequences of non-compliance.
  - Reminder messages are sent out periodically via the training system to individuals who have not started or have not completed their training.
- Required training system users:
  - User accounts are sourced from our directory service.
  - All users with active employee accounts will be included in the training.
  - Examples of an employee account are those that have an active job (for faculty, staff, and administrators), are assigned a course (for adjuncts), or are non-employees who have been granted an employee level account.
- Compliance:
  - The user is reported to their supervisor if they have not completed the annual training by the deadline.
  - This will be further escalated to the Area VP if the training has not been completed two weeks after the user was reported to their supervisor.
- Review:
  - The Training Program will be reviewed at least annually.
  - Any event such as a policy or requirement change will trigger a review.
Definitions
Users – Any person who has a Farmingdale State College User Account with employee level permission to use network resources.
Related Documents
SUNY Information Security Policy 6900
SUNY Information Security Guidelines: Campus Programs & Preserving Confidentiality
Responsible Office
Information Technology
Policy History
Revised Date: 5/8/2024