Educause Security Discussion mailing list archives
Re: Mandatory Awareness Training Enforcement
From: "Tanner, Andrea" <atanner3 () CCBCMD EDU>
Date: Thu, 7 Jan 2021 17:56:32 +0000
Hello Michael, Several years ago I watched an annual SANS Security Awareness Report presentation and they mentioned a document in the Q&A portion called the Interactive Matrix for Metrics. I got a copy of it from the Director there (Excel document) and it has been a great resource for me in thinking this question through. Below is a screenshot of part of one of the tabs just to provide a few ideas in the area of “behaviors”. I really like what they have put together and it might help you think about how to measure training effectiveness in a variety of ways. If anyone wants a copy I am happy to send it out (email me at atanner3 () ccbcmd edu). I didn’t attach here because I am not sure if the list accepts attachments. [cid:image001.png@01D6E4F4.83C669E0] Happy New Year, Andrea Pronouns: She/Her/Hers Andrea Tanner, M.S. | Senior Director, Technology Support | Community College of Baltimore County Phone: 443-840-4155 | Catonsville Campus CLLB 104B | atanner3 () ccbcmd edu<mailto:atanner3 () ccbcmd edu> CCBC. The incredible value of education. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Menne, Michael S" <michael.menne () MNSU EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, January 6, 2021 at 9:34 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Mandatory Awareness Training Enforcement CAUTION: This email originated from outside of CCBC. Do not click links or open attachments unless you recognize the sender and know the content is safe. How do you measure the mandated training to a reduction of risk in user behavior? Is the training effective at improving user behavior? Thank you, Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 Cell: (507) 405-0717 https://mankato.mnsu.edu/cyberaware<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmankato.mnsu.edu%2Fcyberaware&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611054107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5%2BVwhdvjsAXNCwQSpSIowjmDeZ6B%2Bhe6npCI9T9LIAc%3D&reserved=0> [signature_217893240] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Curt Kappenman <ckappenman () ANDERSONUNIVERSITY EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Tuesday, January 5, 2021 at 10:26 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Mandatory Awareness Training Enforcement We disable the user account at the beginning of the next quarter if they fail to complete the training. They must contact the security department to have their account enabled and take the required training. Curt Kappenman From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim Sent: Tuesday, January 5, 2021 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Mandatory Awareness Training Enforcement Happy New Year everyone! I know this has been rehashed a few times but it appears that some of the archival information that used to be on the educause site is no longer there. I’m looking for information from schools that mandate annual information security awareness training. My question is what enforcement means are you using to get compliance? This is much appreciated. Thanks! James Pardonek, MS, CISSP, CEH, GSNA Associate Director Chief Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 •: (773) 508-6086 Loyola University Chicago will never ask you for your username or password. For the latest information security news at Loyola, please follow us online, Twitter: @LUCUISO Facebook: https://www.facebook.com/lucuiso/<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611054107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GceG5CmOzpaTGnQt%2BnYOkiOWFTIJ%2F9fOmO931u1KpDE%3D&reserved=0> Our Blog http://blogs.luc.edu/uiso/<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611064108%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NfEwKaT0YZsqSFDoAPU2BRpR0TbBo6XFO0HyK2tV0NQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611074096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YeyjsECnGJJD5IYNWYclG8wO5z8C%2FN7HwycEZ1StYEA%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611074096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YeyjsECnGJJD5IYNWYclG8wO5z8C%2FN7HwycEZ1StYEA%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611084095%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZNmARBI%2BPeupi9E9iCsgeeGqQav%2FNFebvUmrWeKNd1E%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Mandatory Awareness Training Enforcement Pardonek, Jim (Jan 05)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 05)
- <Possible follow-ups>
- Re: Mandatory Awareness Training Enforcement Menne, Michael S (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Menne, Michael S (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Pardonek, Jim (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Alan Andersen (Jan 06)
- Re: Mandatory Awareness Training Enforcement Tanner, Andrea (Jan 07)