Educause Security Discussion mailing list archives
Re: Awareness training and sanctions
From: Robert Meyers <REMeyers () MAIL WVU EDU>
Date: Tue, 28 Jun 2011 14:43:18 -0400
You've hit my major pain point. Mandatory awareness training is not required, and while sanctions for bad behavior are in place, enforcement is a huge issue. We are trying to get human resources and the legal department to join with us for a clearly articulated training requirement as well as a due process for bad actors. Bob Robert E. Meyers, Ms.Ed. Educational Program Manager Office of Information Security West Virginia University office: (304) 293-8502 remeyers () mail wvu edu
On Tuesday, June 28, 2011 at 2:36 PM, Charles Seitz <cseitz () UTM EDU> wrote:
I am researching how other institutes of higher learning approach security awareness training and what sanctions for bad behavior are available, like giving up credentials to phishers more than once. We've put together some online training and I'm trying to convince the powers that be to make it mandatory with sanctions for bad online behavior after having acknowledged that they received and understood the training. The trouble is figuring out what other institutions, especially public ones, do for training and sanctions. So how do y'all handle it? Thanks, Charlie Charles A. Seitz Senior Security Analyst University of Tennessee Information Security Office Martin Campus cseitz () tennessee edu ( about:cseitz () tennessee edu ) (731) 881-7966 Mobile (615) 948-3641
Current thread:
- Awareness training and sanctions Charles Seitz (Jun 28)
- Re: Awareness training and sanctions Robert Meyers (Jun 28)
- Re: Awareness training and sanctions Banks, Teresa E - (tbanks) (Jun 28)
- Re: Awareness training and sanctions Chris Kidd (Jun 28)
- Re: Awareness training and sanctions Di Fabio, Andrea (Jun 28)
- Re: Awareness training and sanctions Sherry Callahan (Jun 28)
- Re: Awareness training and sanctions Greg Schaffer (Jun 28)
- Re: Awareness training and sanctions Chris Kidd (Jun 28)