Title: Security Awareness Communications Plan

Purpose:

The goal of the City of Albuquerque Information Security Program is to increase the awareness of the workforce through a security awareness program. Security awareness is a single component of a larger security program. It is with security awareness that a successful security program can be achieved.
The City of Albuquerque cannot protect the Confidentiality, Integrity and Availability (C.I.A) of information in today's highly networked systems environment without ensuring that each person involved understands their roles and responsibilities. The human factor is critical to the success of protecting information assets. The Security Awareness Communications Plan provides the roadmap for how this communication will be carried out.

IT security awareness Objectives:

Computer security is the protection of the Confidentiality, Integrity and Availability of automated information and the resources used to enter, store, process, and communicate it. Good security practices provide this protection. Security awareness programs are typically broken down into two different, yet related, components: awareness and training.

The goal of awareness is to raise the collective awareness of the importance of security and security controls. Security awareness is a blended solution of activities that promote security, establish accountability, and inform the workforce of security news. Awareness seeks to focus an individual's attention on an issue or a set of issues. Awareness is a program that continually pushes the security message to users in a variety of formats.

The goal of training is to facilitate a more in-depth level of user understanding of their responsibility to help protect the confidentiality, integrity and availability of their organization's information and information assets. Information security training strives to produce relevant and needed security knowledge and skills within the workforce. Training supports competency development and helps personnel understand and learn how to perform their security role.

The objective of this Security Awareness Communications Plan is to convey how security awareness and training will be facilitated.

Information Security Basics

In order to understand the value and requirements of security awareness, it is helpful to first examine a few fundamental information security principles. Security awareness is a single component of a larger security program and should map directly to its goals. The overall objective of an information security program is to protect the confidentiality, availability and integrity of an organization's information and information assets. The key concept to consider here is that aspects of information and information assets must be protected, not just the information or assets themselves. These fundamental principles are as follows:

- Confidentiality attempts to prevent the intentional or unintentional unauthorized disclosure of information.
- Integrity ensures that modifications are not made by unauthorized personnel or processes; unauthorized modifications are not made to data.
- Availability ensures the reliable and timely access to data or computing resources by the appropriate personnel.

All attacks, no matter what type, are designed to compromise one or all three of these fundamental principles. For example, if a user's laptop is stolen, then an unauthorized person can read or share the information stored on the machine, affecting the confidentiality of the organization's information. They can affect the integrity by changing information and disseminating it as if it has not been changed. Finally, if the information on the laptop has not been backed up, they can affect the availability by making the information no longer accessible to the user or organization.

Why is a Security Awareness Program needed?

Inadequate control of protected information systems can have some very serious consequences, including:

- The misuse of privacy and confidentiality for individuals on whom data is collected, processed, and stored,
- Improper access to the City of Albuquerque's proprietary information with intent to use that information for personal use or personal gain,
- The inability to perform our mission and provide the public with our services,
- The waste, loss or misappropriation of funds, and
- The loss of credibility or embarrassment to our agency.

The program is needed to communicate security concerns to the community and to educate the internal and external stakeholders of the City of Albuquerque. This plan is not just to convey information, but to change behavior by persuading people to take action toward the organization's objectives. Employees must understand that they are the targets, that their actions can greatly impact the overall security position of the City of Albuquerque, and that these risks exist whether they are at work or at home.

Audiences

Information Security is everyone's concern and requires involvement from each City of Albuquerque staff member and business partner. However, not everyone needs the same degree or type of information security awareness to do their jobs. Listed below is the target audience for the Security Awareness Communication plan.

- Senior Management: Top-level management
- Management: Middle-management and others in a leadership role
- Technical Custodians: Anyone who has extraordinary access, knowledge and skills pertaining to the organization's network, systems and/or procedures. They perform job functions such as system/network/user administration, hardware configuration, application development/implementation and technical support.
- End Users: Anyone who is authorized to use the organization's information and information systems. End Users subsume the three categories above.
- External business partners: Anyone authorized to conduct business with the City of Albuquerque

Security Awareness Message:

The Awareness messages are used to promote information security and inform users of threats and vulnerabilities that impact the agency and personal work environment by explaining the "what" but not the "how" of security, and communicating what is and what is not allowed. Awareness not only communicates information security policies and procedures that need to be followed, but also provides the foundation for any sanctions and disciplinary actions imposed for noncompliance. Awareness is used to explain the rules of behavior for using the city's information systems and information, and establishes a level of expectation on the acceptable use of the information and information systems.

The key messages to be delivered:

- You are each responsible for Information Security - necessary actions to protect the individual, the organization, and its infrastructure. Explicit, tactical behaviors that each of us needs to follow to keep the City of Albuquerque secure.
- Keep Security Top of Mind - recognize that we are all responsible for security and need to keep security top of mind. Security is realized through a top-down approach from senior management to individual contributors.

Target audience is located:

The target audience is spread throughout all areas of the City. Additionally, business partners could be physically located anywhere. With the implementation of, and the increased level of, mobile users, the target audience is no longer limited to the controlled point-to-point type environment.

Communication methods to be used for Security Awareness:

Security awareness is a blended solution of activities that promote security, establish accountability, and inform the workforce of security news. Awareness seeks to focus an individual's attention on an issue or a set of issues. Awareness is a program that continually pushes the security message to users.

The method by which this message will be carried out will be:

- Electronic: e-mail, newsletter, Social media
- A Web portal that provides a one-stop-shop for security information.
- Printed: poster, brochure
- Employee Orientation
- Face-to-face presentations

Purpose of Communication:

Each message to be delivered will be to educate and train the workforce in the most common areas of vulnerability, which will include:

- Social Engineering
- Viruses, Trojans and Worms
- Virus Hoaxes and Spam
- Email and Internet Usage. The Employee Internet Use policy and Personnel Rules and Regulations Section 301.3 address Email and Internet use.
- Unauthorized Software and Hardware
- Access Control principle: least privilege, separation of duties, and backup procedures
- Rules of behavior.

Frequency of communication:

The frequency at which awareness communications are to be distributed will be, at a minimum, monthly. In the event of an urgent message to communicate to the target audience, the message will be approved by the CIO and Security Administrator.

Sponsors:

The sponsors of the Security awareness communication are: Mayor of the City of Albuquerque, City Council, ISC, TRC, CAO, CIO