Educause Security Discussion mailing list archives

Re: Compliance Training for Security Analysts


From: "Wayne S. Martin" <MartinW () BRCC EDU>
Date: Thu, 2 Aug 2012 18:09:43 +0000

Hi,

I agree with Dan. Focusing on a single regulation risks missing key concepts that are incorporated in CISSP, CISA, and 
other information security certifications. These are broad-based and provide deeper understandings of compliance 
challenges and opportunities.

I also wish you luck.

Wayne S. Martin
Director Public Safety
Emergency Coordination Officer
Security & Compliance Coordinator
Information Security Officer
Blue Ridge Community College
Post Office Box 80
One College Lane
Weyers Cave, Virginia 24486
Office: (540)453-2347
Fax: (540)234-9066


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan 
Sarazen
Sent: Thursday, August 02, 2012 12:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Compliance Training for Security Analysts

Hi A.J.,

Might I suggest you consider a more holistic approach and, rather than sending folks to targeted HIPAA or PCI training, 
target key staff for possible CISSP or CISA training and certification? Between the exams, textbooks and test 
databases, neither of my certifications cost more than $1,000 and they will be exposed to all applicable regulations.

Both of these are good (CISSP is better) at providing an overall understanding of compliance requirements (including 
HIPAA and PCI) in an IT shop.

Feel free to contact me if you have questions.

Good Luck,

Dan Sarazen
Senior IT Auditor
The Boston Consortium for Higher Education
Brandeis University, Mailstop 110
Phone: 781-736-8703
Cell:     781-296-4444
Fax:     781-736-8706



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basile, Daniel L.
Sent: Thursday, August 02, 2012 11:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: Compliance Training for Security Analysts

The real question is, does any good training even exist for the HIPAA security rule?  There is a ton of training for 
the privacy bits and for office staff.  Very little to nothing for the security side as far as I have found.

Dan Basile
Information Security Officer
Texas A&M Health Science Center

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, 
A J (A. J.)
Sent: Thursday, August 02, 2012 10:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Compliance Training for Security Analysts

Hello all,

I'm considering sending some staff to training (and/or certification) on HIPAA and PCI-DSS.  This should be classes 
targeted for security analysts who work on compliance assessments.

What good or bad experiences have EDUCAUSE folks had?  Any recommendations?  Companies to avoid?

I don't want to send staff to training that doesn't add value to what they already know or can pick up from reading the 
compliance documents.

Thanks,
ajw
--
A. J. Wright
Chief Information Security Officer

University of Tennessee - System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN  37996-1717
Phone:  865-974-0637
Email: ajw () tennessee edu

