60DD-2.008. Personnel Security and Security Awareness (Transferred to 71A-2.008)  


Effective on Tuesday, August 10, 2004
  • (1)(a) End User Requirements, General.

    (b) Standard. Every employee shall be held responsible for information resources security to the degree that his or her job requires the use of information resources.

    (2)(a) Positions of Special Trust or Responsibility or in Sensitive Locations. Individual positions must be analyzed to determine the potential vulnerabilities associated with work in those positions. Agencies shall prepare written procedures for personnel in positions of special trust or having access to sensitive locations. Agencies shall utilize ISO/EC 17799-2000(E), 8.6.3, Information Handling Procedures, incorporated by reference at subsection 60DD-2.010(15), F.A.C., as a guide for development of procedures.

    (b) Standard. Agencies shall establish procedures for reviewing data processing positions that are designated as special trust or are in sensitive locations.

    (c) Standard. Agencies shall conduct background investigations for personnel in positions of special trust or having access to sensitive locations as set forth in Sections 110.1127 and 435.04, F.S.

    (3) Security Awareness and Training. An effective level of awareness and training is essential to a viable information resource security program.

    (a) Standard. Agencies shall provide an ongoing awareness and training program in information security and in the protection of state information resources for all personnel whose duties bring them into contact with critical state information resources. Security training sessions for these personnel shall be ongoing. Agencies shall utilize NIST Building an Information Security Technology Awareness and Training Program, Special Publication 800-50, incorporated by reference at subsection 60DD-2.010(12), F.A.C., as a guide for development of such programs.

    (b) Standard. Awareness and training in security shall not be limited to formal training sessions, but shall include ongoing briefings and continual reinforcement of the value of security consciousness in all employees whose duties bring them into contact with critical state information resources.

    (c) Standard. Departments shall apply appropriate sanctions against any employee who fails to comply with its security policies and procedures.

    Specific Authority 282.102(2), (16) FS. Law Implemented 282.318 FS. History–New 8-10-04.

     
