Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Awareness Training - a rehash

From: David Stack <dstack () UWSA EDU>
Date: Wed, 12 Jul 2017 17:42:44 +0000
The University of Wisconsin System has a policy that requires security awareness training.
https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/information-security-awareness/

A few of the salient elements:

Any individual or entity that has access to moderate or high risk data must:

  1.  Upon hire and annually thereafter, acknowledge and accept the UW System Acceptable Use Policy and any applicable 
institutional Acceptable Use Policy. Access to UW System data and information technology resources may be withheld 
until the Acceptable Use Policy(s) have been accepted.
  2.  Annually complete information security awareness training, which acknowledges that they are aware of security 
best practices, and their roles in protecting the university’s systems and data. All newly hired employees are required 
to complete the information security awareness training within 30 days of their initial hire date.
  3.  All contractors, consultants and business partners are required to abide by UW System acceptable use policies 
prior to being given access to university systems and data resources, when possible.
Students with access to only their own data, will on an annual basis:

  1.  Receive notification of the UW System Acceptable Use Policy and any applicable institutional Acceptable Use 
Policy.
  2.  Have access to an information security awareness training which includes security best practices, and their roles 
in protecting the University’s systems and data.

Revisions to the policy are in the works.

All of the UW System institutions have access to the “LawRoom” training modules from Everfi and that is the default 
training unless an institution already had something of its own.

Administering the training is an “other duties as assigned” activity for the IT staff at the campuses.

— David

David Stack
Interim Associate VP & CIO
University of Wisconsin System
dstack () uwsa edu


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy 
<chad.tracy () COLBY EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, July 12, 2017 at 12:15 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Security Awareness Training - a rehash

Afternoon,

I am new to the board and did a cursory look at past posts but could not find anything recent regarding what folks are 
doing for awareness training. We are looking to implement security awareness training here at Colby and I am curious as 
to what you all use.

Could you please assist by completing this quick Google Survey (8ish questions - 3 minutes tops) for me so I can better 
understand what the rest of you all are doing? I will be prepared to share the results upon the completion of this 
survey.

https://goo.gl/forms/Oko29fesYQZUpMaG3

Thank you for your time and efforts!

Chad Tracy
Director of Information Security
Colby College
Waterville, ME 04901
207 . 859 . 4199
chad.tracy () colby edu<mailto:chad.tracy () colby edu>
Previous By Date Next
Previous By Thread Next

Current thread: