Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Mandatory information security awareness training
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Thu, 18 Apr 2013 11:11:15 -0500

Much like Samford, Murray State has mandatory training through SANS
Securing the Human for al Faculty and Staff. We purchased a large block
through REN-ISAC pricing. I believe there is another purchasing window
coming up in July. We're also looking into re-training with some components
for policy violations. For instance, if your email account is compromised
from a phishing attack, you must re-take the email and password modules
before your account will be re-activated.

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*


On Thu, Apr 18, 2013 at 10:00 AM, Banks, Teresa E - (tbanks) <
tbanks () email arizona edu> wrote:

All three state universities in Arizona (University of Arizona, Arizona
State, and Northern Arizona University) have mandatory all-employee
awareness.  We developed our own, and presented on it at the Educause
Security Professionals Conference in 2011.  You can find our training at
http://security.arizona.edu/infosecessentials.****

** **

We wanted to make sure we didn’t just cover what auditors required of us –
we wanted to help our users understand the WIIFM (What’s in it for me).
The program has been very successful.  We are in the process of updating it
now.****

** **

If you have questions, please don’t hesitate to contact Kelley Bogart
(520-626-8232, bogartk () email arizona edu) or me.****

** **

Best,****

*Teresa E. Banks*

Manager, Information Security ****

   & Compliance Programs****

University of Arizona Information Security****

tbanks () email arizona edu****

Phone:  520.621.8476****

** **

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Self, Dennis
*Sent:* Friday, April 12, 2013 2:05 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Mandatory information security awareness
training****

** **

Beth,****

** **

We have the requirement (not policy yet, but administration agreement) but
not everyone has taken it.  The training,* Securing the Human* from SANS
Institute, has been available for approaching two years.****

** **

Dennis Self, CISSP****

Director, IT Security & Compliance****

Technology Services****

Samford University****

(205) 726-2692****

** **

*From: *"Chancellor, Beth C." <ChancellorB () MISSOURI EDU>
*Reply-To: *The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Friday, April 12, 2013 2:59 PM
*To: *<SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *[SECURITY] Mandatory information security awareness training***
*

** **

 ****

I need to identify institutions that have mandatory information security
awareness training for *all employees*. MU has required training for
certain segments of our employee population but not for all.  Please reply
to me if you have already have such a policy that covers everyone.****

 ****

Thanks,****

Beth****

 ****

*Beth Chancellor*****

*chancellorb () missouri edu*****

*MEd, CISSP*****

*Associate CIO &*****

*Chief Information Security Officer*****

*University of Missouri*****

*(573) 882-3503*****

* *****

 ****


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]