Educause Security Discussion mailing list archives
Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION
From: Greg Vickers <g.vickers () QUT EDU AU>
Date: Mon, 20 Nov 2006 15:55:56 +1000
Hi all, Sadler, Connie wrote:
Melissa, I'm talking about basics, mostly, to include the following: Choose good passwords and never share them Use VPN for remote access Encrypt data on laptops and other portable devices Shred! Shred! Shred! Lock up confidential materials at the end of the day (Clean Desk Policy) Keep confidential information to yourself - not for conversation or gossip Document access controls Identify Data Owners and teach them their responsibilities Apply anti-virus and patching and anti-spyware Dispose of equipment (hard drives and PDAs) securely Avoid Phishing attacks Report suspected security "incidents" Think of worst-case scenarios and whether or not you can defend your current practices should a breach occur. There's more, but the primary message is communicated so that every employee and faculty member knows our approach and what their individual contributions should be. The concept of Data Ownership is also key, because we expect Data Owners to know how their data is stored and transmitted. They also need to authorize access (delegating it, but knowing the procedures) to employees, vendors, other departments, etc. I hope this brief summary helps!
I have also been following this thread as I am in the throes of getting a project completed to provide IT Security Awareness to the general staff at QUT. Thank you for the summary Connie - it definitely covers all the topics that we want to have in our awareness material :) -- Greg Vickers IT Security Engineer & Project Manager IT Security, Network Services, Information Technology Services Queensland University of Technology L12, 126 Margaret St, Brisbane Phone: +61 7 3138 9536 Mobile: 0410 434 734 Fax: +61 7 3138 2921 Email: g.vickers () qut edu au IT Security web site: http://www.its.qut.edu.au/itsecurity/ CRICOS No. 00213J
Current thread:
- Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION Jim Dillon (Oct 19)
- <Possible follow-ups>
- Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION Melissa Guenther (Oct 19)
- Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION Sadler, Connie (Oct 20)
- Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION Greg Vickers (Nov 19)