CSU Policy requires that each campus implement or adopt a program for providing information
security awareness and training to employees which may be appropriate to their level of access
to campus information assets.The campus
program must also
promote campus strategies for protecting information assets containing protected data.
All employees with access to protected data and information assets must participate in appropriate
information security awareness training. When appropriate,
be provided to individuals whose job functions require specialized skill or knowledge in information