Educause Security Discussion mailing list archives
Re: Compliance Training for Security Analysts
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Thu, 2 Aug 2012 12:49:29 -0600
I think compliance-specific training is only the right track if you need to train up your staff in order to be able to make compliance related judgment calls for your institution (is X a PCI-compliant approach). If this is the case, then something like PCI ISA training might be worthwhile (and lend an official status that your acquiring bank would appreciate).

If that isn't your goal, then I advise assessing your team's skillset against the security landscape and targeting deep training on areas of need that relate to compliance. For example, does your team need more strength in application security assessment, database security methods, forensics, incident response handling, a particular technology you are using (firewall, IDS, DLP, etc)? Or maybe the best next step is scripting/coding training for building in-house tools.

I prefer hitting individual topics in depth to an overview approach because I think the deeper understanding lends a lot to the best application of the information as well as longer retention of the information. It takes longer to build out a breadth of knowledge this way, but it's about career professional development, not quick turn-around.

Brad Judy

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, A J (A. J.)
Sent: Thursday, August 02, 2012 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Compliance Training for Security Analysts

Hello all,

I'm considering sending some staff to training (and/or certification) on HIPAA and PCI-DSS. This should be classes targeted for security analysts who work on compliance assessments.

What good or bad experiences have EDUCAUSE folks had? Any recommendations? Companies to avoid? I don't want to send staff to training that doesn't add value to what they already know or can pick up from reading the compliance documents.

Thanks,
ajw

--
A. J. Wright
Chief Information Security Officer
University of Tennessee - System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN 37996-1717
Phone: 865-974-0637
Email: ajw () tennessee edu