Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: key topics to include in security awareness training materials

From: "Then, Keri" <Keri_Then () REDLANDS EDU>
Date: Mon, 9 Feb 2009 12:07:25 -0800
We have pilot tested a "computer" security awareness training program
meant to train all University employees that use computers from Inspired
eLearning, Inc.
http://www.inspiredelearning.com/sat/default.htm?link=id3

We hope to deploy this training this year.  Feedback from our pilot test
was very good.  They have several modules ranging from user based to
higher level training for security experts.  This web based training
seems to be kept current with yearly updates.

Regards,
Keri

Keri A. Then
Director of Enterprise Services, ITS
University of Redlands
 
Phone 909-748-8318
Fax 909-793-2029


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peterman, Martin
(mdp4s)
Sent: Monday, February 09, 2009 11:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] key topics to include in security awareness
training materials

We have a few efforts that are on-going such as

-an online tutorial (facts about IT security and then questions)
-yearly assessment of strategy for our various populations
-a community outreach program (www.whoswatchingcharlottesville.org)
-a big push for October (National Cyber Security Awareness Month)
-our IT security web site (www.itc.virginia.edu)

We periodically reassess our awareness needs and also cast an eye
towards popular media to see what is holding the attention of people.

Of late, we have been raising awareness around sensitive data
(employees), phishing (everyone), and social online networks (mostly
students).

Please contact me offlist if you have any questions.

Thanks,
Marty

Marty Peterman, CISSP                                       
peterman () virginia edu
Information Security Analyst
Information Security, Policy, and Records Office (ISPRO)
Office of the Vice President/CIO
University of Virginia, 2400 Old Ivy Rd.                 Phone
434.243.4909
Box 400898, Charlottesville, VA 22904-4898               Fax
434.243.9197
http://www.itc.virginia.edu/security/    


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie
Sent: Friday, February 06, 2009 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] key topics to include in security awareness
training materials

Tim Cline wrote:

Greetings,

I wanted to send a very general email message to start a conversation

on

security awareness. For those of you who have something that you
currently use for security awareness training and dissemination of
information, whether developed in-house or third-party courseware
management platform, could you send a reply and let me know what are

the

key topics that you are covering?


* Choosing a good password, and not sharing it.

* Recognizing and avoiding phishing scams.

* IT will never ask for your password over the phone or in an email.
Honest.

That covers the vast, vast majority of potential problems. One of the
issues with doing security training is scope creep -- you feel that with
the campus community listening, you should tell them about _everything_
they need to know in information security. Don't. Instead, focus on a
few simple things, because bombarding end users with information just
guarantees that they won't retain any of it.

--Matt

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Previous By Date Next
Previous By Thread Next

Current thread: