Security Training for IT Service Providers
Security is intrinsic to everyone’s job here at CU Boulder. Regardless of your affiliation, if you play a role in ensuring the confidentiality, integrity, or availability of IT systems, information security can be a big part of being an IT Service Provider (ITSP). But do you know what those responsibilities are or what resources are available? When OIT Security recently surveyed our ITSP community, we heard the response loud and clear. Whether you serve as a guardian of University IT infrastructure, make decisions around IT, or support IT systems, you want a better understanding of what it means to be an ITSP and to be empowered with the knowledge and ability to confidently carry out this important role. And now, we’re delivering.
OIT is asking all members of our ITSP community to take annual training that introduces and reinforces the responsibilities of IT Service Providers and guides learners through scenarios likely to be encountered in the course of fulfilling ITSP responsibilities. Further, we are curating a library of additional role-based training and educational resources around digital security best practices.
Required Training
The foundational training for all ITSPs is knowing what security responsibilities are expected of you. (See APS 6005 for the policy.) Since March 2023, OIT has asked that all ITSP take the training Information Security for IT Service Providers which walks learners through their responsibilities and is available campuswide via Percipio.
OIT Security will annually message members of our ITSP community who have not already taken the course within the campus fiscal year and ask that ITSPs complete the training every year by June 30. OIT Security will follow up to drive to completion, coordinating with supervisors and unit heads as needed to drive awareness of these responsibilities within the ITSP community.
Additional Training Resources
OIT Security is committed to providing role-based training and resources to help the ITSP community secure their devices, data, intellectual property, and systems. Below are additional trainings and resources. This list will be updated periodically.