Re: Mandatory Security Training in Higher Education - NEW RELATED DISCUSSION

[Greg Vickers <g.vickers () QUT EDU AU>]

Hi all,

Sadler, Connie wrote:
> Melissa, I'm talking about basics, mostly, to include the following:
>
> Choose good passwords and never share them
> Use VPN for remote access
> Encrypt data on laptops and other portable devices
> Shred! Shred! Shred!
> Lock up confidential materials at the end of the day (Clean Desk Policy)
> Keep confidential information to yourself - not for conversation or
> gossip
> Document access controls
> Identify Data Owners and teach them their responsibilities
> Apply anti-virus and patching and anti-spyware
> Dispose of equipment (hard drives and PDAs) securely
> Avoid Phishing attacks
> Report suspected security "incidents"
> Think of worst-case scenarios and whether or not you can defend your
> current practices should a breach occur.
>
> There's more, but the primary message is communicated so that every
> employee and faculty member knows our approach and what their individual
> contributions should be. The concept of Data Ownership is also key,
> because we expect Data Owners to know how their data is stored and
> transmitted. They also need to authorize access (delegating it, but
> knowing the procedures) to employees, vendors, other departments, etc.
>
> I hope this brief summary helps!

I have also been following this thread as I am in the throes of getting
a project completed to provide IT Security Awareness to the general
staff at QUT.

Thank you for the summary Connie - it definitely covers all the topics
that we want to have in our awareness material :)

--
Greg Vickers
IT Security Engineer & Project Manager
IT Security, Network Services,
Information Technology Services
Queensland University of Technology
L12, 126 Margaret St, Brisbane

Phone: +61 7 3138 9536
Mobile: 0410 434 734
Fax: +61 7 3138 2921
Email: g.vickers () qut edu au
IT Security web site: http://www.its.qut.edu.au/itsecurity/

CRICOS No. 00213J