Skip to main content
STG

Information security

Information security training programme of the University of Santiago de Compostela

Hands typing.

The security of an organisation lies mainly in the proper training of its staff and the implementation of good practices in the handling of the information it must look after.

No security measure is more important than making each employee fully aware of their role in the organisation, of the rules they must follow, of the action protocols they must practice and, finally, of the continuous evaluation and improvement of their performance when working with the data that the institution hands over to their responsibility.

Therefore, it is necessary to establish an awareness and training plan, under the provisions of the National Security Scheme and as part of USC’s commitment to the security of the data it handles. This is aimed at all its staff to promote the establishment of procedures, good practices and guidelines for the use of information of all kinds that is produced, looked after, sent, stored and disseminated by the institution in the fulfilment of this aim in the area of teaching, research, knowledge transfer or any other in which it is involved.

  • Determination of contents - Staff training services and Information Security Area.
  • Formalisation of the communication plan, which respects the visual image and the way it is transmitted and reaches the target audience - Communication Office and Learning Technologies Centre.

Training actions in the field of information security are necessary on a permanent basis due to the continuous changes that are produced in the digital context. Thus, and on a regular basis, activities will be programmed and materials will be published for their dissemination to contribute to defining a critical awareness among the university community.

All the materials used in the plan will be collected in virtual classrooms, which may be different for each group of USC staff, and will be organized in the form of an information security awareness and training course. The infrastructure of the USC virtual campus will be used. The possibility will be studied of making it compulsory for all personnel working at the USC to take the course, and that all new recruits must also pass it.

In addition to the complete and formally structured contents, each employee will receive specific impacts in the form of "pills" of eminently practical content designed to implement new behaviours, reinforce daily security practices and illustrate day-to-day situations with practical examples.

The target audience of the actions will be USC workers, without distinction between teaching and research staff, administration and services staff and researchers.