Educause Security Discussion mailing list archives
Re: Faculty and Staff IT Security Awareness
From: Marty Manjak <mm376 () ALBANY EDU>
Date: Tue, 4 Mar 2008 19:22:40 -0500
One of the methods we use to increase staff awareness is to integrate information security into our Internal Controls initiative. The ISO participates in (almost) every Internal Controls review or follow up with departmental or business unit managers, deans, directors, supervisors. We make it clear to them that securing information assets is part of the Internal Controls spectrum of risk management. We review their environment, talk about the assets they manage, and discuss the controls they have in place and whether they are adequate. One of the results of these meetings is that the controls are implemented by the department/unit, not the ISO, i.e., they are not superimposed from the top down, but grow organically out of the discussions and the recognition on the part of the staff that they need to make adjustments based on best practices and the nature of the information they handle. These meetings also help to establish personal relationships between management and the ISO. I make it clear to them that I serve as an institutional resource and that I'm available should they have any questions regarding proper procedures for protecting information. These face-to-face meetings are very valuable in establishing the authority of the ISO, prioritizing information security, and providing directors and managers with concrete actions they can take to improve their policies and procedures (risk management). Marty Manjak CISSP Information Security Officer University at Albany
Good Afternoon, I was hoping to spark a discussion / feedback on the methods that other Colleges and Universities are using to promote awareness within faculty and staff. Currently we use new employee orientation, our Faculty Development Institute, and various newsletters, printable materials, etc. We are looking to expand our methods and wondered if anyone out there had any sure-fire methods they use they would like to share. Do you tie it with another group on your campus or run it solo? How have you rated its success or failure to promote the awareness concepts you were trying to impart. And what ideas have you tried that have just not succeeded the way you wished? Thanks, Nicolas Pachis, GIAC-GCIH IT Security, 1300 Torgersen Hall Virginia Polytechnic Institute and State University npachis () vt edu http://www.security.vt.edu
Current thread:
- Faculty and Staff IT Security Awareness Nicolas Pachis (Mar 03)
- <Possible follow-ups>
- Re: Faculty and Staff IT Security Awareness John Kristoff (Mar 03)
- Re: Faculty and Staff IT Security Awareness Allison Dolan (Mar 04)
- Re: Faculty and Staff IT Security Awareness Marty Manjak (Mar 04)
- Re: Faculty and Staff IT Security Awareness Theresa Rowe (Mar 10)
- Re: Faculty and Staff IT Security Awareness Martin Manjak (Mar 12)
- Re: Faculty and Staff IT Security Awareness Randy Marchany (Mar 12)