Educause Security Discussion mailing list archives
Re: Compliance Training for Security Analysts
From: "Wayne S. Martin" <MartinW () BRCC EDU>
Date: Thu, 2 Aug 2012 18:09:43 +0000
Hi, I agree with Dan. Focusing on a single regulation risks missing key concepts that are incorporated in CISSP, CISA, and other information security certifications. These are broad-based and provide deeper understandings of compliance challenges and opportunities. I also wish you luck. Wayne S. Martin Director Public Safety Emergency Coordination Officer Security & Compliance Coordinator Information Security Officer Blue Ridge Community College Post Office Box 80 One College Lane Weyers Cave, Virginia 24486 Office: (540)453-2347 Fax: (540)234-9066 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Sarazen Sent: Thursday, August 02, 2012 12:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Compliance Training for Security Analysts Hi A.J., Might I suggest you consider a more holistic approach and rather than sending folks to targeted HIPAA or PCI training, target key staff for possible CISSP or CISA training and certification? Between the exams, text books and test data bases, neither of my certification cost more than $1,000 and they will be exposed to all applicable regulations. Both of these are good (CISSP is better) at providing an overall understanding of compliance requirements (Including HIPAA and PCI) in an IT shop. Feel free to contact me if you have questions. Good Luck, Dan Sarazen Senior IT Auditor The Boston Consortium for Higher Education Brandeis University, Mailstop 110 Phone: 781-736-8703 Cell: 781-296-4444 Fax: 781-736-8706 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Basile, Daniel L. Sent: Thursday, August 02, 2012 11:50 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: Compliance Training for Security Analysts The real question is, does any good training even exist for the HIPAA security rule? There is a ton of training for the privacy bits and for office staff. Very little to nothing for the security side as far as I have found. Dan Basile Information Security Officer Texas A&M Health Science Center From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, A J (A. J.) Sent: Thursday, August 02, 2012 10:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Compliance Training for Security Analysts Hello all, I'm considering sending some staff to training (and/or certification) on HIPAA and PCI-DSS. This should be classes targeted for security analysts who work on compliance assessments. What good or bad experiences have EDUCAUSE folks had? Any recommendations? Companies to avoid? I don't want to send staff to training that doesn't add value to what they already know or can pick up from reading the compliance documents. Thanks, ajw -- A. J. Wright Chief Information Security Officer University of Tennessee - System Administration 2309 Kingston Pike, Suite 131C Knoxville, TN 37996-1717 Phone: 865-974-0637 Email: ajw () tennessee edu<mailto:ajw () tennessee edu>
Current thread:
- Compliance Training for Security Analysts Wright, A J (A. J.) (Aug 02)
- Re: Compliance Training for Security Analysts Basile, Daniel L. (Aug 02)
- Re: Compliance Training for Security Analysts Dan Sarazen (Aug 02)
- Re: Compliance Training for Security Analysts Wayne S. Martin (Aug 02)
- Re: Compliance Training for Security Analysts Dan Sarazen (Aug 02)
- Re: Compliance Training for Security Analysts Brad Judy (Aug 02)
- Re: Compliance Training for Security Analysts Basile, Daniel L. (Aug 02)