Educause Security Discussion mailing list archives

Re: For IP; Re: good read: Please do not change your password


From: Don Cochran <dcochran () SCIPPINTERNATIONAL ORG>
Date: Sat, 17 Apr 2010 20:22:20 -0400

"most important from my point of view it gives us a yearly touch point
with users." And >> "When a user changes their password they will be advised
about changes in IT/Security policies since their last change and other
relevant security information.  This password change becomes part of the
general security consciousness raising process."





Wouldn't this also be a good time to have them take their annual security
awareness training? Certainly section 12 of the PCI-DSS mandates it, but
most auditors feel it is best practices to meet HIPAA Privacy and HIPAA
Security requirements as well as FERPA. Since virtually every institution
needs to comply with at least these 3, and most probably FISMA and FERC/NERC
as well as state requirements for annual security awareness training, you
might as well address it once and be in compliance with all.



Unquestionably, universities have it tougher than just about anyone when it
comes to compliance and placating auditors.  There are so many regulations,
acts, laws, and other regulatory mandates that come into play based on the
information that is processed within the enterprise.



Don Cochran

Director, Business Development

SCIPP International

1964 Gallows Road, Suite 320

Vienna, Virginia 22182

United States of America



+1 703.637.4422 (Direct)

+1 703.599-0666 (Cell)

+1 703. 637-4371 (Fax)

<http://www.SCIPPinternational.org>



SCIPP International

"The Security Awareness Certification Company"



