Special Topic: Texas Compliance


Background

Barracuda is certified by the Texas Department of Information Resources for state and local government employees in compliance with House Bill (HB) 3834. State agencies, local governments, and contractors can now leverage Security Awareness Training to satisfy their annual cybersecurity training program requirement.

To meet the security awareness training objective, HB3834 states that organizations must:

Define, prepare, deliver, and facilitate an ongoing awareness campaign utilizing a wide variety of mediums and delivery mechanisms to effectively and constantly educate the organization on security related information, threats, and technology risks.

Training must be completed each year and the organization is required to keep records certifying employee completion.

Security Awareness Training equips organizations with the tools and training content they need to keep their users informed about the latest cyber security risks and best practices. The Security Awareness Training approach to continuous testing, training, and analysis has helped organizations of all sizes effectively mitigate the risk of a detrimental security incident.

For more information, see Texas Department of Information Resources Cybersecurity Awareness Training.

Training Expectations

The following two topics are the core requirements of a cybersecurity training program, as stated by Texas Government Code Section 2054.519(b):

Topic 1: Information security habits and procedures that protect information resources  
    • The Principles of Information Security
      Users should be aware of:
      • What information security means.
      • The types of information (e.g., confidential, private, sensitive) they are responsible for safeguarding.
      • The forms and locations of the information they are responsible for safeguarding.
    • Best Practices to Safeguard Information (All Forms) and Information Systems
      Users should be aware of:
      • How to safeguard against unauthorized access to information, information systems, and secure facilities/locations.
      • How to safeguard against unauthorized use of information and information systems.
      • Best practices related to securely storing information.
      • Best practices related to working remotely.
      • Best practices related to securely disposing of and sanitizing information and information systems.
Topic 2: Best practices for detecting, assessing, reporting, and addressing information security threats
    • Awareness of the meaning of information security threat, threat actor, risk, and attack.
      Users should be aware of:
      • The meaning of threat with regards to information security.
      • Common threat actors and their motivations.
      • The meaning of risk with regards to information security.
      • The meaning of attack with regards to information security.
    • Awareness of how to identify, respond to, and report on information security threats and suspicious activity.
      Users should be aware of:
      • How to identify indicators for common attacks.
      • How to respond to and report on common attacks or suspicious activity.

Outcomes

Users are able to:

    • Identify acceptable information security habits and procedures to protect information resources.
    • Detect or identify basic information security threats.
    • Address and report basic information security threats in accordance with best practices.

Implementation

Follow these general steps to implement your Texas Compliance Training:

  • Review available training materials in the Content Center, as described in Training Content.
    Customize the material for your campaign. 
    You can choose how you want to deploy training for the two topics described above:
    • Combined module approach, taking topics 1 and 2 from above and including them in a single video module that requires 45-60 minutes to complete.
    • Separate module approach, using two separate videos – Part 1, relating to Topic 1 above and Part 2, relating to Topic 2 above. 
  • Review the various methods of sending training content, as described in Choosing How to Send Training Invitations.
    Decide which method you want to use.
  • Create a training campaign, as described in How to Create a Training Campaign.
    Note that this is a multi-step process, including creating an Address Book.

Note: Training content is available in both English and Spanish.