Educause Security Discussion mailing list archives

Re: Enforcement of Security Training for Faculty/Staff

From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Mon, 1 Mar 2010 14:49:15 -0700

Matt,

This may be a little aggressive, but within our Health Sciences, training is required for continued access to IT 
systems and data. We're working on the rest of campus, but are considering a similar approach. Like others, enforcement 
is managed through the individual's supervisor, but we also keep tabs on who has/has not completed training.

Chris

Chris Kidd
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew 
Giannetto
Sent: Sunday, February 28, 2010 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Enforcement of Security Training for Faculty/Staff


Folks,



We're currently planning IT Security Training & Awareness at our college, and are struggling with some of the same 
challenges I'm sure most of you have faced.  We're currently debating if we can require IT Security Training for 
faculty, and if so, how do we enforce it.



I've gone through much of the previous discussion regarding training and awareness and how to gain faculty acceptance.  
In general, it seems that the majority of institutions can't convince upper management to buy-in to a mandate 
(primarily due to culture or contractual limitations), and thus are left to find creative ways to design and market 
their training to encourage participation.



But, much of the earlier conversation doesn't address how institutions that require IT security training enforce the 
requirement?  Do you turn off network accounts if they don't complete training by a certain date?  Do you make a note 
in their personnel file?  Do you just keep pestering them until they do it?



Any feedback you may have is greatly appreciated.




Thanks,

Matt Giannetto
Manager of IT Security
Montgomery County Community College
mgiannetto () mc3 edu | (215) 619-7442









________________________________
Montgomery County Community College is proud to be
the #1 ranked technology-savvy community college in the nation,
as determined by the Center for Digital Education and Converge magazine.

Current thread:

Enforcement of Security Training for Faculty/Staff Matthew Giannetto (Feb 28)
- <Possible follow-ups>
- Re: Enforcement of Security Training for Faculty/Staff Jansen, Morgan R. (Mar 01)
- Re: Enforcement of Security Training for Faculty/Staff Anand S Malwade (Mar 01)
- Re: Enforcement of Security Training for Faculty/Staff David Escalante (Mar 01)
- Re: Enforcement of Security Training for Faculty/Staff Patria, Patricia (Mar 01)
- Re: Enforcement of Security Training for Faculty/Staff Chris Kidd (Mar 01)
- Re: Enforcement of Security Training for Faculty/Staff Sherry Callahan (Mar 01)
- Enforcement of Security Training for Faculty/Staff Conlee, Keith (Mar 09)
- Re: Enforcement of Security Training for Faculty/Staff Steve Werby (Mar 11)
- Re: Enforcement of Security Training for Faculty/Staff Kimberly Heimbrock (Mar 11)