Information Security Awareness and Training: Difference between revisions

← Older edit

Information Security Awareness and Training (view source)

Revision as of 13:18, September 29, 2025

123 bytes added , September 29

→‎Additional Information: updated HIPAA Security Rule link - 3x

VisualWikitext

Afaylor

Bureaucrats, Administrators

1,735

edits

@@ Line 35: / Line 35: @@
 <big>'''Information Security Awareness and Training Policy'''</big><br /><br />
 == Basis for Policy ==
-Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] outline considerations for the access control family of security controls.
+Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls.
 == Policy ==
-Nebraska Medicine/UNMC implements reasonable and appropriate security awareness and training in alignment with National Institute of Standards and Technology (NIST) standards and guidance.[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule], the Family Educational Rights and Privacy Act (FERPA), and Payment Card Industry Data Security Standards (PCI/DSS) outline considerations for the security awareness and training family of security controls. Nebraska Medicine/UNMC will strive to reach a level of security awareness both to prevent improper access to or use or disclosure of Protected Information and to ensure detection and reporting of any improper access, use or disclosure that may occur.
+Nebraska Medicine/UNMC implements reasonable and appropriate security awareness and training in alignment with National Institute of Standards and Technology (NIST) standards and guidance.[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule], the Family Educational Rights and Privacy Act (FERPA), and Payment Card Industry Data Security Standards (PCI/DSS) outline considerations for the security awareness and training family of security controls. Nebraska Medicine/UNMC will strive to reach a level of security awareness both to prevent improper access to or use or disclosure of Protected Information and to ensure detection and reporting of any improper access, use or disclosure that may occur.
 ==Procedure==
 ===General===
@@ Line 96: / Line 96: @@
 *[http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]
 *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53]
-*[https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule]
+*[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule]
 This page maintained by [mailto:mhurlocker@unmc.edu mh].