Educause Security Discussion mailing list archives

Re: Mandatory information security awareness training

From: "Banks, Teresa E - (tbanks)" <tbanks () EMAIL ARIZONA EDU>
Date: Thu, 18 Apr 2013 15:00:51 +0000

All three state universities in Arizona (University of Arizona, Arizona
State, and Northern Arizona University) have mandatory all-employee
awareness.  We developed our own, and presented on it at the Educause
Security Professionals Conference in 2011.  You can find our training at
http://security.arizona.edu/infosecessentials.

 

We wanted to make sure we didn't just cover what auditors required of us -
we wanted to help our users understand the WIIFM (What's in it for me).  The
program has been very successful.  We are in the process of updating it now.

 

If you have questions, please don't hesitate to contact Kelley Bogart
(520-626-8232, bogartk () email arizona edu) or me.

 

Best,

Teresa E. Banks

Manager, Information Security 

   & Compliance Programs

University of Arizona Information Security

 <mailto:tbanks () email arizona edu> tbanks () email arizona edu

Phone:  520.621.8476

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Self, Dennis
Sent: Friday, April 12, 2013 2:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Mandatory information security awareness training

 

Beth,

 

We have the requirement (not policy yet, but administration agreement) but
not everyone has taken it.  The training, Securing the Human from SANS
Institute, has been available for approaching two years.

 

Dennis Self, CISSP

Director, IT Security & Compliance

Technology Services

Samford University

(205) 726-2692

 

From: "Chancellor, Beth C." <ChancellorB () MISSOURI EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, April 12, 2013 2:59 PM
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Mandatory information security awareness training

 

 

I need to identify institutions that have mandatory information security
awareness training for all employees. MU has required training for certain
segments of our employee population but not for all.  Please reply to me if
you have already have such a policy that covers everyone.

 

Thanks,

Beth

 

Beth Chancellor

chancellorb () missouri edu

MEd, CISSP

Associate CIO &

Chief Information Security Officer

University of Missouri

(573) 882-3503

Attachment: smime.p7s
Description:

Current thread:

Mandatory information security awareness training Chancellor, Beth C. (Apr 12)
- Re: Mandatory information security awareness training David Curry (Apr 12)
- Re: Mandatory information security awareness training Flynn, Gary - flynngn (Apr 12)
- default reply-to address of SECURITY list Flynn, Gary - flynngn (Apr 12)
  - Re: default reply-to address of SECURITY list Valdis Kletnieks (Apr 15)
- Re: Mandatory information security awareness training Self, Dennis (Apr 12)
  - Re: Mandatory information security awareness training Banks, Teresa E - (tbanks) (Apr 18)
    - Re: Mandatory information security awareness training Drew Perry (Apr 18)
- Re: Mandatory information security awareness training Dan Han (Apr 12)
  - Re: Mandatory information security awareness training Jeff Holden (Apr 12)
- Re: Mandatory information security awareness training Palmer, Kevin J. (Apr 12)