Educause Security Discussion mailing list archives
Re: Faculty and Staff IT Security Awareness
From: John Kristoff <jtk () DEPAUL EDU>
Date: Mon, 3 Mar 2008 15:04:52 -0600
On Mon, 3 Mar 2008 15:00:11 -0500 Nicolas Pachis <npachis () VT EDU> wrote:
I was hoping to spark a discussion / feedback on the methods that other Colleges and Universities are using to promote awareness within faculty and staff. Currently we use new employee orientation, our Faculty Development Institute, and various newsletters, printable materials, etc.
Some time ago I was fortunate enough to have been involved in an award of some funds to develop just this sort of thing. The security team undertook a number of tasks to accomplish this. We began an annual security forum, which was an all day seminar format program. We solicited 1/2 to 1 hour talks by various colleagues, mostly within the institution. Some were technical presentations, but we also had some more fun ones such as when we had a rep from legal counsel join us. We also bribed local 3rd party experts who always had something useful to say. Students were welcome. We brought in CERT/CC to give some classes. One was directly aimed at managers, directors and C*O types. This was the high-level concepts and risk management style class that got them thinking and talking about issues from a business perspective. We also had a 5-day technical training for IT staff by CERT/CC. I think we had about 25 attend the former and 20 the latter. We also solicited someone from computer science to come in and teach "secure coding" concepts to IT development staff, but I don't recall this ever happening unfortunately. We then did monthly lunch sessions on various topics. I think we sent a few people away to more specific training for things that weren't applicable to big groups. Two things really helped drive participation. Free food at all the events and at least a couple really good sponsors. We had wonderful support from an executive of our library services group who helped do all the promotion and bring in all the key folks from around the university. With money we had left over we gave away some books, mousepads with key websites/info on it, etc. Even though the initial funding was a one-time event, the yearly seminar and monthly lunch events continued for awhile. Hard to measure the overall outcome, but in my experience I've seen places that don't seem to do better with a lot more overall resources and much bigger security budgets. Hopefully that sparked some ideas. John
Current thread:
- Faculty and Staff IT Security Awareness Nicolas Pachis (Mar 03)
- <Possible follow-ups>
- Re: Faculty and Staff IT Security Awareness John Kristoff (Mar 03)
- Re: Faculty and Staff IT Security Awareness Allison Dolan (Mar 04)
- Re: Faculty and Staff IT Security Awareness Marty Manjak (Mar 04)
- Re: Faculty and Staff IT Security Awareness Theresa Rowe (Mar 10)
- Re: Faculty and Staff IT Security Awareness Martin Manjak (Mar 12)
- Re: Faculty and Staff IT Security Awareness Randy Marchany (Mar 12)