Re: IT Security Awareness Training

["Plesco, Todd" <tplesco () CHAPMAN EDU>]

As a matter of general practice, I develop customized awareness &
training to each particular audience.  Often, the material of a 3rd
party vendor's program may present irrelevant material or contradictory
in fact.  (Though, it could serve the purpose of letting you check off
your 'to do' if your strapped for resources.)

 

Some of the key concepts for the general computer user may be "rights &
responsibilities", "sanctions" , "breach/violation notification",
"contact/support info" and most importantly " computer usage agreement"
(with signature.)

 

Todd A. Plesco  CISM, CBCP

Chapman University, Director of Information Security

One University Drive, Orange, CA 92866

Phone: (714) 744-7979/Fax: (714) 744-7041

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di Fabio, Andrea
Sent: Wednesday, May 06, 2009 6:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Security Awareness Training

 

Experts,

 

I would like to know what your institution is doing to ensure that IS
Training is delivered to all your users of IT systems.  The Commonwealth
of Virginia requires that all IT users undergo IS training.  In the
past, we developed and in house web based training.  To access the
training a user has to authenticate with their LAN account, and once the
training is completed an entry is added to a SQL database.  When it
comes time to check who has taken the training and who hasn't, the
process of checking SQL entries vs. AD users becomes quite lengthy and
manual.

 

Short of deploying an Identity Management system, which we are actually
starting to look into, what are you doing  to automate a process such as
this one?  Can you suggest any open source software or solution?  Would
LimeSurvey do the trick?

 

Thanks for your feedback.