Re: Faculty and Staff IT Security Awareness

[Allison Dolan <adolan () MIT EDU>]

Since Massachusetts recently passed a data breach law, we've gotten
some attention when we reference that new law. ('We' meaning the PII
program, which is jointing sponsored by IT and Audit; we've also had
HR and Legal input)  We've been doing a number of departmental visits
- to the administrative officer, staff meetings and various standing
group meetings.  We make it very non-IT and try to focus on the kinds
of work that those areas might be doing, and what behaviors might be
risky.  When folks have a chance to talk about what they are doing,
and how that might be a risk, especially related to their own work,
they seem to get engaged and we've had some positive feedback.  Too
soon to tell if it will have any long range impact.

Allison F. Dolan
Program Director, Protecting Personally Identifying Information
MIT
(617) 252-1461




On Mar 3, 2008, at 3:00 PM, Nicolas Pachis wrote:

> Good Afternoon,
>
> I was hoping to spark a discussion / feedback on the methods that
> other Colleges and Universities are using to promote awareness
> within faculty and staff.  Currently we use new employee
> orientation, our Faculty Development Institute, and various
> newsletters, printable materials, etc.
>
> We are looking to expand our methods and wondered if anyone out
> there had any sure-fire methods they use they would like to share.
> Do you tie it with another group on your campus or run it solo?
> How have you rated its success or failure to promote the awareness
> concepts you were trying to impart.  And what ideas have you tried
> that have just not succeeded the way you wished?
>
> Thanks,
> Nicolas Pachis, GIAC-GCIH
> IT Security, 1300 Torgersen Hall
> Virginia Polytechnic Institute and State University
> npachis () vt edu
> http://www.security.vt.edu