Re: Training and Compliance Portal

[Neal O'Farrell <neal () SCHOOLEDINSECURITY ORG>]

Are there any organizations out there including data ethics as part of
their employee security awareness training? Not big data ethics, but
ethical data handling as a natural supplement to data handling policies.

Neal.

Neal O'Farrell
Schooled In Security
www.schooledinsecurity.org
neal () schooledinsecurity org
(925) 914 0248 (EST)

When we say "next generation security," we really mean it!


On Wed, Jun 26, 2019 at 11:54 AM Conlee, Keith <conlee () cod edu> wrote:

> We also use KnowBe4.  But since you are probably asking about more than
> Security Training, KnowBe4 will not do it.  We use Cornerstone LMS for our
> Security Training, HR Training - e.g. Sexual Awareness, Ethics, and
> Compliance Training - e.g. Safety, NIMS, etc.  We still use KnowBe4 for
> phishing simulation, and since KnowBe4's training is scorm compliant/format
> you can just drop KnowBe4 Security Training modules into Cornerstone and
> administer Security Training with all the NON-Security Training FROM
> Cornerstone.  It is all administered by HR for completion, discipline for
> non-completion, etc.  Works great.
>
> Keith Conlee, JD, MS/BS, PCIP, CISSP, CISA, CBCP
> Chief Security Officer, IT
> College of DuPage
> 425 Fawell Blvd.
> Glen Ellyn, IL 60137-6599
>
> Ph. - 630.942.3055
> conlee () cod edu
>
>
>
>
> Date:    Fri, 24 May 2019 16:29:36 +0000
> From:    "Pardonek, Jim" <jpardonek () LUC EDU>
> Subject: Training and Compliance Portal
>
> We have 3 disparate platforms for delivering awareness and compliance
> training. HR has one, our Information Security Office has one, and our
> compliance folks have one. We are looking for software that would provide a
> portal that would be helpful to our end users where they could go to find
> all of their available and completed training on one dashboard.  If you
> grew your own, please let me know as well
>
> Thanks!
>
>
> James Pardonek, MS, CISSP, CEH, GSNA
> Information Security Officer
> Loyola University Chicago
> 1032 W. Sheridan Road | Chicago, IL  60660
>
> *: (773) 508-6086
>
> Loyola University Chicago will never ask you for your username or password.
> For the lastest information security news at Loyola, please follow us
> online,
> Twitter: @LUCUISO
> Facebook: https://www.facebook.com/lucuiso/ Our Blog
> http://blogs.luc.edu/uiso/
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of SECURITY automatic digest
> system
> Sent: Friday, May 24, 2019 5:00 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: SECURITY Digest - 23 May 2019 to 24 May 2019 (#2019-93)
>
> There are 6 messages totalling 1777 lines in this issue.
>
> Topics of the day:
>
>   1. Proof point vs Mimecast (3)
>   2. Training and Compliance Portal
>   3. SecureLink vs VPN for privileged vendor access
>   4. [EXTERNAL] [SECURITY] SecureLink vs VPN for privileged vendor access
>
> ----------------------------------------------------------------------
>
> Date:    Fri, 24 May 2019 12:33:38 +0000
> From:    "Snook, Allen" <asnook () MESSIAH EDU>
> Subject: Re: Proof point vs Mimecast
>
> Thanks everyone for your insightful input.    Your input will make my
> decision much easier.
>
> Regards,
>
>
> Allen A. Snook - CISSP
>
> Director of Information Security
>
> CCNP
> [cid:part2.C84B68C8.50548032@messiah.edu]
>
> From: The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Snook, Allen
> Sent: Thursday, May 23, 2019 9:14 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Proof point vs Mimecast
>
> Good morning All,
>
> Has anyone used either or both of these companies?  We have just completed
> a POC with Proof Point which I feel is a great product/service we just
> cannot afford the price tag.  Currently we are looking at Mimecast to do
> another POC with to compare the two.
>
> I would like to get anyone's feedback to the following questions in
> regards to Proof Point or Mimecast:
>
> *         why you picked one over the other,
>
> *         if you switched from one to the other why,
>
> *         what you like best of either, or
>
> *         most importantly what you didn't like.
>
> Also is there another product/service you prefer that would be great to
> know.
>
> A little about our environment:
> For the last 30 days, our average daily email stats look like:
>             email sent: 11,855
>             email received: 92,692
>             total mailboxes: 17,000
>             active mailboxes: 8,168
>
> We use Office365 Exchange with A1 licensing.
>
> Currently our heaviest attack vector is Email (with IMAP password
> discovery, discovered during our POC with Proof Point) with Alumni accounts
> being compromised most often.
>
> Regards,
>
>
> Allen A. Snook - CISSP
>
> Director of Information Security
>
> CCNP
> [cid:part2.C84B68C8.50548032@messiah.edu]
>
> One College Avenue Suite 3055
> Mechanicsburg PA 17055
> Tel: (717) 766-2511 x6790
>
> Fax: (717) 796-5246
>
> Cell: (717) 439-0025
>
> ------------------------------
>
> Date:    Fri, 24 May 2019 08:44:11 -0400
> From:    Frank Barton <bartonf () HUSSON EDU>
> Subject: Re: Proof point vs Mimecast
>
> We have looked at enabling the "time-of-click" protection on our Sophos
> Email Appliance (does part of what ProofPoitn and Mimecast does), but it
> would involve changing our email flow
>
> Are any of those of you that are using these services using Google Apps as
> your email?
>
> Frank
>
> On Fri, May 24, 2019 at 8:33 AM Snook, Allen <asnook () messiah edu> wrote:
>
> > Thanks everyone for your insightful input.    Your input will make my
> > decision much easier.
> >
> >
> >
> > Regards,
> >
> >
> >
> > *Allen A. Snook - CISSP*
> >
> > Director of Information Security
> >
> > CCNP
> >
> > [image: cid:part2.C84B68C8.50548032@messiah.edu]
> >
> >
> >
> > *From:* The EDUCAUSE Security Community Group Listserv <
> > SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Snook, Allen
> > *Sent:* Thursday, May 23, 2019 9:14 AM
> > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > *Subject:* [SECURITY] Proof point vs Mimecast
> >
> >
> >
> > Good morning All,
> >
> >
> >
> > Has anyone used either or both of these companies?  We have just
> > completed a POC with Proof Point which I feel is a great
> > product/service we just cannot afford the price tag.  Currently we are
> > looking at Mimecast to do another POC with to compare the two.
> >
> >
> >
> > I would like to get anyone’s feedback to the following questions in
> > regards to Proof Point or Mimecast:
> >
> > ·         why you picked one over the other,
> >
> > ·         if you switched from one to the other why,
> >
> > ·         what you like best of either, or
> >
> > ·         most importantly what you didn’t like.
> >
> >
> >
> > Also is there another product/service you prefer that would be great
> > to know.
> >
> >
> >
> > A little about our environment:
> >
> > For the last 30 days, our average daily email stats look like:
> >
> >             email sent: 11,855
> >
> >             email received: 92,692
> >
> >             total mailboxes: 17,000
> >
> >             active mailboxes: 8,168
> >
> >
> >
> > We use Office365 Exchange with A1 licensing.
> >
> >
> >
> > Currently our heaviest attack vector is Email (with IMAP password
> > discovery, discovered during our POC with Proof Point) with Alumni
> > accounts being compromised most often.
> >
> >
> >
> > Regards,
> >
> >
> >
> > *Allen A. Snook - CISSP*
> >
> > Director of Information Security
> >
> > CCNP
> >
> > [image: cid:part2.C84B68C8.50548032@messiah.edu]
> >
> > One College Avenue Suite 3055
> > Mechanicsburg PA 17055
> > Tel: (717) 766-2511 x6790
> >
> > Fax: (717) 796-5246
> >
> > Cell: (717) 439-0025
>
>
> --
> Frank Barton, MBA
> Security+, ACMT, MCP
> IT Systems Administrator
> Husson University
>
> ------------------------------
>
> Date:    Fri, 24 May 2019 16:29:36 +0000
> From:    "Pardonek, Jim" <jpardonek () LUC EDU>
> Subject: Training and Compliance Portal
>
> We have 3 disparate platforms for delivering awareness and compliance
> training. HR has one, our Information Security Office has one, and our
> compliance folks have one. We are looking for software that would provide a
> portal that would be helpful to our end users where they could go to find
> all of their available and completed training on one dashboard.  If you
> grew your own, please let me know as well
>
> Thanks!
>
>
> James Pardonek, MS, CISSP, CEH, GSNA
> Information Security Officer
> Loyola University Chicago
> 1032 W. Sheridan Road | Chicago, IL  60660
>
> *: (773) 508-6086
>
> Loyola University Chicago will never ask you for your username or password.
> For the lastest information security news at Loyola, please follow us
> online,
> Twitter: @LUCUISO
> Facebook: https://www.facebook.com/lucuiso/ Our Blog
> http://blogs.luc.edu/uiso/
>
> ------------------------------
>
> Date:    Fri, 24 May 2019 18:55:48 +0000
> From:    Colin Abbott <colin.abbott () MCGILL CA>
> Subject: SecureLink vs VPN for privileged vendor access
>
> Hi,
>
>   As part of our Banner 9 transformation project we are engaging with
> Ellucian professional services to provide some support. Their new model is
> that they are refusing to use a client’s VPN and instead forcing the
> clients to use SecureLink. (https://www.securelink.com/)
>
> A quick look at SecureLink it looks pretty interesting, especially the
> level of audit and notifications when vendors access your systems.
>
> Is anyone using this with Ellucian or has anyone implemented it as a
> solution for vendor access? Has anyone already done an in-depth security
> assessment of the product?
>
> Thanks
> Colin Abbott, CISSP, CCSP | IT Security Architect  | McGill University |
> Network and Communication Services | 514-398-5070
>
>
> ------------------------------
>
> Date:    Fri, 24 May 2019 15:10:49 -0400
> From:    Alexandre Adao <Alexandre.Adao () MORGAN EDU>
> Subject: Re: Proof point vs Mimecast
>
> We took advantage of a "promotional pricing" in order for us to purchase
> ProofPoint back in 2016.  So far has served us well and it worth the
> investment if you can afford. Spams and phishing have been reduced
> considerably but indeed this product is very expensive.
>
> Alex Adao
>
> On Fri, May 24, 2019 at 8:44 AM Frank Barton <bartonf () husson edu> wrote:
>
> > We have looked at enabling the "time-of-click" protection on our
> > Sophos Email Appliance (does part of what ProofPoitn and Mimecast
> > does), but it would involve changing our email flow
> >
> > Are any of those of you that are using these services using Google
> > Apps as your email?
> >
> > Frank
> >
> > On Fri, May 24, 2019 at 8:33 AM Snook, Allen <asnook () messiah edu> wrote:
> >
> > > Thanks everyone for your insightful input.    Your input will make my
> > > decision much easier.
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > > *Allen A. Snook - CISSP*
> > >
> > > Director of Information Security
> > >
> > > CCNP
> > >
> > > [image: cid:part2.C84B68C8.50548032@messiah.edu]
> > >
> > >
> > >
> > > *From:* The EDUCAUSE Security Community Group Listserv <
> > > SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Snook, Allen
> > > *Sent:* Thursday, May 23, 2019 9:14 AM
> > > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > > *Subject:* [SECURITY] Proof point vs Mimecast
> > >
> > >
> > >
> > > Good morning All,
> > >
> > >
> > >
> > > Has anyone used either or both of these companies?  We have just
> > > completed a POC with Proof Point which I feel is a great
> > > product/service we just cannot afford the price tag.  Currently we
> > > are looking at Mimecast to do another POC with to compare the two.
> > >
> > >
> > >
> > > I would like to get anyone’s feedback to the following questions in
> > > regards to Proof Point or Mimecast:
> > >
> > > ·         why you picked one over the other,
> > >
> > > ·         if you switched from one to the other why,
> > >
> > > ·         what you like best of either, or
> > >
> > > ·         most importantly what you didn’t like.
> > >
> > >
> > >
> > > Also is there another product/service you prefer that would be great
> > > to know.
> > >
> > >
> > >
> > > A little about our environment:
> > >
> > > For the last 30 days, our average daily email stats look like:
> > >
> > >             email sent: 11,855
> > >
> > >             email received: 92,692
> > >
> > >             total mailboxes: 17,000
> > >
> > >             active mailboxes: 8,168
> > >
> > >
> > >
> > > We use Office365 Exchange with A1 licensing.
> > >
> > >
> > >
> > > Currently our heaviest attack vector is Email (with IMAP password
> > > discovery, discovered during our POC with Proof Point) with Alumni
> > > accounts being compromised most often.
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > > *Allen A. Snook - CISSP*
> > >
> > > Director of Information Security
> > >
> > > CCNP
> > >
> > > [image: cid:part2.C84B68C8.50548032@messiah.edu]
> > >
> > > One College Avenue Suite 3055
> > > Mechanicsburg PA 17055
> > > Tel: (717) 766-2511 x6790
> > >
> > > Fax: (717) 796-5246
> > >
> > > Cell: (717) 439-0025
> >
> >
> > --
> > Frank Barton, MBA
> > Security+, ACMT, MCP
> > IT Systems Administrator
> > Husson University
>
>
> --
> =============================================
> Alexandre Magno Adão
> Interim Chief Information Security Officer Morgan State University (CGW
> 300k) Division of Information Technology (DIT)
> 443-885-4415 Office
> 443-803-3154 Cell
> <http://www.morgan.edu>
>
> ------------------------------
>
> Date:    Fri, 24 May 2019 13:34:29 -0700
> From:    Gene LeDuc <gleduc () SDSU EDU>
> Subject: Re: [EXTERNAL] [SECURITY] SecureLink vs VPN for privileged vendor
> access
>
> We've been using SecureLink for vendor access for a few years and are
> pretty happy with it.  It is on the pricey side, though.  My users really
> like the ability to replay RDP and SSH sessions so they can see
> what kind of pixie dust the vendor uses to fix the problem.   We only
> allow campus-affiliated users to have VPN access.
>
> Gene
>
> On 5/24/19 11:55 AM, Colin Abbott wrote:
> > Hi,
> >
> >    As part of our Banner 9 transformation project we are engaging with
> > Ellucian professional services to provide some support. Their new
> > model is that they are refusing to use a client’s VPN and instead
> > forcing the clients to use SecureLink. (https://www.securelink.com/)
> >
> > A quick look at SecureLink it looks pretty interesting, especially the
> > level of audit and notifications when vendors access your systems.
> >
> > Is anyone using this with Ellucian or has anyone implemented it as a
> > solution for vendor access? Has anyone already done an in-depth
> > security assessment of the product?
> >
> > Thanks
> >
> > Colin Abbott, CISSP, CCSP | IT Security Architect  | McGillUniversity
> > | Network and Communication Services| 514-398-5070
>
> --
> Gene LeDuc                 | You can tell the greatness of a man by
> Technology Security        | what makes him angry.
> San Diego State University |   --Abraham Lincoln
>
> ------------------------------
>
> End of SECURITY Digest - 23 May 2019 to 24 May 2019 (#2019-93)
> **************************************************************