Educause Security Discussion mailing list archives

Examples of role-based security "technical training"


From: Cathy Hubbs <chubbs () GMU EDU>
Date: Wed, 31 Mar 2004 13:24:59 -0500

The Commonwealth of Virginia has an Information Technology Security Standard. Contained in that standard is a 
"Technical Training" (p7) requirement. The requirement is listed below.***
Does anyone have examples of implementing (auditable/measurable) "role-based" security-specific training programs?

And if you do, who is responsible for tracking and maintaining the program at your University?

 --
Cathy Hubbs
George Mason University
Information Technology Security Coordinator
http://security.gmu.edu

***
C.1.a) Each Agency must establish and maintain information technology security training programs to ensure that all 
individuals involved in managing, administering, designing, developing, implementing, and/or maintaining information 
resources are aware of their security responsibilities and know how to fulfill them.

C.1.b) Information technology security training programs must be commensurate to the level of expertise required for the 
system components and information resources for which they are responsible. The program must include content that 
enables the individual to identify and evaluate threats, vulnerabilities, and risks specific to those components and 
resources. The program must further include content regarding technical alternatives, methods, and standards which 
represent best practices appropriate to those components and resources, and which can be utilized to effectively 
implement safeguards as appropriate.
Full text available online at http://www.vita.virginia.gov/docs/psg/COVA_STMGT_Security_Std_REV.pdf

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
