Educause Security Discussion mailing list archives

Re: Awareness training and sanctions


From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Tue, 28 Jun 2011 15:01:24 -0400

The state of Virginia mandates yearly security awareness training for all
state employees and state agencies. We have therefore implemented a
state-endorsed security training using a third-party company which is endorsed
by our state contract. We disable network access for accounts that do not
comply.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Kidd
Sent: Tuesday, June 28, 2011 2:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Awareness training and sanctions

 

We have implemented and rolled out mandatory training for about half of
campus. Department Chairs, Deans, etc. are responsible for ensuring
compliance, but we have published a "tiered sanctions matrix" which outlines
potential consequences for non-compliance.

 

Chris

 

Chris Kidd
Chief Information Security and Privacy Officer
University of Utah Health Care
University of Utah
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Banks, Teresa E -
(tbanks)
Sent: Tuesday, June 28, 2011 12:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Awareness training and sanctions

 

The University of Arizona has mandatory all-employee training.  We expect
department heads to enforce the requirement.  While we have not put forward
any "sticks" in this regard, we are currently at almost 100% compliance
after one year and are getting ready to launch our refresher.  We have
gotten to this point through a tremendous amount of communication over the
past year, monthly interaction with all campus units, and by providing
materials that users have found help them out not only at work, but also in
their home security.  You can access our materials at
http://security.arizona.edu/infosecessentials. 

 

I hope this helps.

 

Teresa

 

Teresa E. Banks
Senior Program Coordinator
University Information Security Office
University of Arizona
1077 North Highland Avenue
P. O. Box 210073
Tucson, AZ  85721-0073
tbanks () email arizona edu
http://security.arizona.edu
Phone:  (520) 621-UISO (8476)

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles Seitz
Sent: Tuesday, June 28, 2011 11:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Awareness training and sanctions

 

I am researching how other institutes of higher learning approach security
awareness training and what sanctions for bad behavior are available, like
giving up credentials to phishers more than once. We've put together some
online training and I'm trying to convince the powers that be to make it
mandatory with sanctions for bad online behavior after having acknowledged
that they received and understood the training. The trouble is figuring out
what other institutions, especially public ones, do for training and
sanctions. So how do y'all handle it? 

 

Thanks,

 

Charlie

  _____  

Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966
Mobile (615) 948-3641
