Educause Security Discussion mailing list archives
Examples of role-based security "technical training"
From: Cathy Hubbs <chubbs () GMU EDU>
Date: Wed, 31 Mar 2004 13:24:59 -0500
The Commonwealth of Virginia has an Information Technology Security Standard. Contained in that standard is a "Technical Training" (p7) requirement. The requirement is listed below.***

Does anyone have examples of implementing (auditable/measurable) "role-based" security specific training programs? And if you do, who is responsible for tracking and maintaining the program at your University?

--
Cathy Hubbs
George Mason University
Information Technology Security Coordinator
http://security.gmu.edu

*** C.1.a) Each Agency must establish and maintain information technology security training programs to ensure that all individuals involved in managing, administering, designing, developing, implementing, and/or maintaining information resources are aware of their security responsibilities and know how to fulfill them.

C.1.b) Information technology security training programs must be commensurate to the level of expertise required for the system components and information resources for which they are responsible. The program must include content that enables the individual to identify and evaluate threats, vulnerabilities, and risks specific to those components and resources. The program must further include content regarding technical alternatives, methods, and standards which represent best practices appropriate to those components and resources, and which can be utilized to effectively implement safeguards as appropriate.

Full text available online at http://www.vita.virginia.gov/docs/psg/COVA_STMGT_Security_Std_REV.pdf

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.