Educause Security Discussion mailing list archives

Re: Compliance Training for Security Analysts


From: Brad Judy <win-hied () BRADJUDY COM>
Date: Thu, 2 Aug 2012 12:49:29 -0600

I think compliance-specific training is only the right track if you need to
train up your staff in order to be able to make compliance-related judgment
calls for your institution (is X a PCI-compliant approach).  If this is the
case, then something like PCI ISA training might be worthwhile (and lend an
official status that your acquiring bank would appreciate).  If that isn't
your goal, then I advise assessing your team's skillset against the security
landscape and targeting deep training on areas of need that relate to
compliance.  

 

For example, does your team need more strength in application security
assessment, database security methods, forensics, incident response
handling, a particular technology you are using (firewall, IDS, DLP, etc.)?
Or maybe the best next step is scripting/coding training for building
in-house tools.  

 

I prefer hitting individual topics in depth to an overview approach because
I think the deeper understanding lends a lot to the best application of the
information as well as longer retention of the information.  It takes longer
to build out a breadth of knowledge this way, but it's about career
professional development, not quick turn-around.

 

Brad Judy

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, A J (A. J.)
Sent: Thursday, August 02, 2012 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Compliance Training for Security Analysts

 

Hello all,

 

I'm considering sending some staff to training (and/or certification) on
HIPAA and PCI-DSS.  This should be classes targeted for security analysts
who work on compliance assessments.

 

What good or bad experiences have EDUCAUSE folks had?  Any recommendations?
Companies to avoid?

 

I don't want to send staff to training that doesn't add value to what they
already know or can pick up from reading the compliance documents.

 

Thanks,

ajw

--

A. J. Wright 
Chief Information Security Officer

 

University of Tennessee - System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN  37996-1717
Phone:  865-974-0637

Email:  ajw () tennessee edu

 

