Educause Security Discussion mailing list archives

Re: key topics to include in security awareness training materials

From: "Peterman, Martin (mdp4s)" <mdp4s () VIRGINIA EDU>
Date: Mon, 9 Feb 2009 15:43:09 -0500

Hi Leon,

We go to the people and educate.  We have as many as three people presenting at one time, sometimes less.

We do have policy about our sensitive data, but no policy concerning use of social online networks.  We have not 
encountered the scenario of someone sharing University data on these sites.  Our policy states that our data must be on 
our systems.

Thanks for asking,
Marty

Marty Peterman, CISSP
peterman () virginia edu
Information Security Analyst
Information Security, Policy, and Records Office (ISPRO)
Office of the Vice President/CIO
University of Virginia, 2400 Old Ivy Rd.                 Phone  434.243.4909
Box 400898, Charlottesville, VA 22904-4898               Fax    434.243.9197
http://www.itc.virginia.edu/security/

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leon 
DuPree
Sent: Monday, February 09, 2009 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] key topics to include in security awareness training materials

Marty,

How do you guys address the social networking websites with staff, faculty and students.
In corporate and government security these thing are pretty much blocked.

How do you manage it?  Policy? Advisement?


Thanks

Leon DuPree
LSA-IT Intern University of Michigan Ann Arbor
On Mon, Feb 9, 2009 at 2:50 PM, Peterman, Martin (mdp4s) <mdp4s () virginia edu<mailto:mdp4s () virginia edu>> wrote:
We have a few efforts that are on-going such as

-an online tutorial (facts about IT security and then questions)
-yearly assessment of strategy for our various populations
-a community outreach program (www.whoswatchingcharlottesville.org<http://www.whoswatchingcharlottesville.org/>)
-a big push for October (National Cyber Security Awareness Month)
-our IT security web site (www.itc.virginia.edu<http://www.itc.virginia.edu/>)

We periodically reassess our awareness needs and also cast an eye towards popular media to see what is holding the 
attention of people.

Of late, we have been raising awareness around sensitive data (employees), phishing (everyone), and social online 
networks (mostly students).

Please contact me offlist if you have any questions.

Thanks,
Marty

Marty Peterman, CISSP
peterman () virginia edu<mailto:peterman () virginia edu>
Information Security Analyst
Information Security, Policy, and Records Office (ISPRO)
Office of the Vice President/CIO
University of Virginia, 2400 Old Ivy Rd.                 Phone  434.243.4909
Box 400898, Charlottesville, VA 22904-4898               Fax    434.243.9197
http://www.itc.virginia.edu/security/


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Matthew Gracie
Sent: Friday, February 06, 2009 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] key topics to include in security awareness training materials

Tim Cline wrote:

Greetings,

I wanted to send a very general email message to start a conversation on
security awareness. For those of you who have something that you
currently use for security awareness training and dissemination of
information, whether developed in-house or third-party courseware
management platform, could you send a reply and let me know what are the
key topics that you are covering?


* Choosing a good password, and not sharing it.

* Recognizing and avoiding phishing scams.

* IT will never ask for your password over the phone or in an email. Honest.

That covers the vast, vast majority of potential problems. One of the
issues with doing security training is scope creep -- you feel that with
the campus community listening, you should tell them about _everything_
they need to know in information security. Don't. Instead, focus on a
few simple things, because bombarding end users with information just
guarantees that they won't retain any of it.

--Matt

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu<mailto:graciem () canisius edu>
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg



--
Leon & Lisa DuPree
1327 Chissom Trail
Flint Township, MI 48532
810-471-3872 Phone
270- 447-3872 Fax

Current thread:

Re: key topics to include in security awareness training materials, (continued)
- Re: key topics to include in security awareness training materials Donald, A. Wayne (Feb 05)
- Re: key topics to include in security awareness training materials Melissa Guenther (Feb 05)
- Re: key topics to include in security awareness training materials Adam Stone (Feb 05)
- Re: key topics to include in security awareness training materials Gary Flynn (Feb 05)
- Re: key topics to include in security awareness training materials Karl Heins (Feb 05)
- Re: key topics to include in security awareness training materials jeff murphy (Feb 05)
- Re: key topics to include in security awareness training materials Matthew Gracie (Feb 06)
- Re: key topics to include in security awareness training materials Peterman, Martin (mdp4s) (Feb 09)
- Re: key topics to include in security awareness training materials Leon DuPree (Feb 09)
- Re: key topics to include in security awareness training materials Then, Keri (Feb 09)
- Re: key topics to include in security awareness training materials Peterman, Martin (mdp4s) (Feb 09)
- Re: key topics to include in security awareness training materials mcoyle (Feb 10)
- Re: key topics to include in security awareness training materials Leon DuPree (Feb 10)