Security TRAINING for IT Staff

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

The Security Task Force Awareness & Training Working Group has been
studying ways to improve the "training" of IT staff on cybersecurity
matters.  There appears to be at least three common approaches:

1.  Sending campus staff to attend training programs provided by
commercial entities.

2.  Departments or Institutions banding together to get discounted
training from a professional training organization sometimes hosted in
campus facilities.

3.  Campuses developing their own training programs for their IT staff
or coordinating training (sometimes free) from vendors.

The Working Group is also exploring new possibilities and creative
approaches.  For example, we are planning to pursue leveraged discounts
for EDUCAUSE & Internet2 members from training sources that you
recommend.  We are also looking for ways that we can directly facilitate
training, such as pre- and post-conference seminars at the annual
Security Professionals Conference.  (See seminars on risk assessment,
forensics, policy and legal issues, getting started, and war gaming at
Security2005 <www.educause.edu/sec05>).  The upcoming Internet Security
Training Workshop at Virginia Tech (http://www.conted.vt.edu/isect/) is
another excellent example of the type of affordable and collaborative
effort that we intend to encourage.  

As we continue to explore an effective strategy that will benefit all
colleges and universities, I invite a discussion on this list or
responses to me (or the working group co-chairs Calvin Weeks
<cweeks () ou edu> or Krizi Trivisani <krizi () gwu edu>) regarding:

Q:  What sources are you using for security training for your IT staff?

Q:  What commercial sources should we pursue to obtain discounts to make
their training more affordable and accessible to institutions of higher
education?

Q:  What are other creative approaches that you have employed or should
we consider as we seek to improve the quality and affordability of
security training for the range of IT staff in campus IT organizations?

Remember, you can also submit your approach to Security Training as an
Effective Security Practice and Solution at http://www.educause.edu/ep
to make your achievements more visible.

Thanks,

-Rodney Petersen

-------------------------------------------------- 
Rodney J. Petersen
Policy Analyst & Security Task Force Coordinator

EDUCAUSE 
1150 18th Street, N.W., Suite 1010
Washington, D.C.  20036
(202) 331-5368 / (202) 872-4200 
(202) 872-4318 (FAX) 
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security 
-------------------------------------------------- 


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.