Re: Mandatory information security awareness training

[Drew Perry <aperry () MURRAYSTATE EDU>]

Much like Samford, Murray State has mandatory training through SANS
Securing the Human for al Faculty and Staff. We purchased a large block
through REN-ISAC pricing. I believe there is another purchasing window
coming up in July. We're also looking into re-training with some components
for policy violations. For instance, if your email account is compromised
from a phishing attack, you must re-take the email and password modules
before your account will be re-activated.

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*


On Thu, Apr 18, 2013 at 10:00 AM, Banks, Teresa E - (tbanks) <
tbanks () email arizona edu> wrote:

> All three state universities in Arizona (University of Arizona, Arizona
> State, and Northern Arizona University) have mandatory all-employee
> awareness.  We developed our own, and presented on it at the Educause
> Security Professionals Conference in 2011.  You can find our training at
> http://security.arizona.edu/infosecessentials.****
>
> ** **
>
> We wanted to make sure we didn’t just cover what auditors required of us –
> we wanted to help our users understand the WIIFM (What’s in it for me).
> The program has been very successful.  We are in the process of updating it
> now.****
>
> ** **
>
> If you have questions, please don’t hesitate to contact Kelley Bogart
> (520-626-8232, bogartk () email arizona edu) or me.****
>
> ** **
>
> Best,****
>
> *Teresa E. Banks*
>
> Manager, Information Security ****
>
>    & Compliance Programs****
>
> University of Arizona Information Security****
>
> tbanks () email arizona edu****
>
> Phone:  520.621.8476****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Self, Dennis
> *Sent:* Friday, April 12, 2013 2:05 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Mandatory information security awareness
> training****
>
> ** **
>
> Beth,****
>
> ** **
>
> We have the requirement (not policy yet, but administration agreement) but
> not everyone has taken it.  The training,* Securing the Human* from SANS
> Institute, has been available for approaching two years.****
>
> ** **
>
> Dennis Self, CISSP****
>
> Director, IT Security & Compliance****
>
> Technology Services****
>
> Samford University****
>
> (205) 726-2692****
>
> ** **
>
> *From: *"Chancellor, Beth C." <ChancellorB () MISSOURI EDU>
> *Reply-To: *The EDUCAUSE Security Constituent Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU>
> *Date: *Friday, April 12, 2013 2:59 PM
> *To: *<SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject: *[SECURITY] Mandatory information security awareness training***
> *
>
> ** **
>
>  ****
>
> I need to identify institutions that have mandatory information security
> awareness training for *all employees*. MU has required training for
> certain segments of our employee population but not for all.  Please reply
> to me if you have already have such a policy that covers everyone.****
>
>  ****
>
> Thanks,****
>
> Beth****
>
>  ****
>
> *Beth Chancellor*****
>
> *chancellorb () missouri edu*****
>
> *MEd, CISSP*****
>
> *Associate CIO &*****
>
> *Chief Information Security Officer*****
>
> *University of Missouri*****
>
> *(573) 882-3503*****
>
> * *****
>
>  ****