Educause Security Discussion mailing list archives
Re: Mandatory IT Security training
From: "Gomez, Joshua" <J.Gomez () SNHU EDU>
Date: Tue, 24 Jul 2018 15:49:19 +0000
Hi Brent,

We recently just passed this into policy. To create urgency and buy-in, we related the policy to the Gramm-Leach-Bliley Act (GLBA), GDPR, and the Red Flag Rule. As a Financial Aid institution, we have to comply with GLBA. I would also research state privacy laws, specifically where your institution is headquartered and/or where your students are taking courses from (if you are online).

I used these resources from SANS that call out training requirements for compliances - https://www.sans.org/sites/default/files/2017-12/sans-compliance-requirements.pdf

Our training covers basic cybersecurity (phishing, spear phishing, anatomy of a phishing email), cloud computing (what to store, what not to store, etc.) and Password Policy. There are more specific trainings for PCI data stewards.

I attached an unbranded draft of the policy.

Josh

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Haselhoff, Brent
Sent: Tuesday, July 24, 2018 11:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory IT Security training

Hi Everyone,

We are currently evaluating our mandatory IT security training policies and procedures. Does your university require IT security training for all employees? If so, what topics are covered? Do you require this training in order to stay compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training annually or just upon hire?

Thanks
Brent

Brent Haselhoff
Manager, IT Security and Identity Management
brent.haselhoff () wku edu
270-745-2012

Please consider the environment before printing this e-mail.
Attachment: unbranded_ISAT_POLICY.doc