Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Online Security Awareness Training

From: Ronald King <ronald.king () MORGAN EDU>
Date: Tue, 17 Jan 2017 21:36:10 -0500
We too use MediaPro. We rolled it out in November. We compared them with
Wombat, SANS, and Awareity. The training is excellent and very
customizable. We have had a lot of positive feedback from the candidates.
We chose them because of the flexibility and the variety of modules. We
expect other departments to use it for other types of training, such as PCI
for Bookstore employees. Another positive is the interactive nature and
various methods of training. Some include videos but many require the users
to click to learn more or participate in various activities. The reports
that are generated are very in depth and you can build teams (AKA
departments) so others can manage, say the bookstore manager for PCI
training mentioned a moment ago.

However, we decided to use the LMS they partnered with. It is limited in
many areas that we need from a management aspect. The training is mandatory
for all faculty and staff. So, we must track progress. The LMS does not do
this except to record when the user logged in or completed the training. I
want to know if the % complete when a user stated they completed the
training. The LMS limits you to one notification based on time. We really
need more. We are manually sending messages out to users that are past due
for training. I am at the point that I am looking at alternatives to move
to for the LMS side even though we have two more years left.

I looked at SANS before. Its good, especially for the HiEd price, but, when
I tested it, it was all videos and it didn't track progress. I wanted more
to keep candidates interested.

Kyle, here a re few lessons learned and recommendations:

   - Take heed that the training is not compatible on cell phones. The
   biggest complaint is the users that have completed the training but have
   not had their scores recorded. Talk to MediaPro for more details on why
   this is.
   - Encourage the candidates to save their certificate of completion and
   assessment scores. If you have to track who has completed, this will be
   your fall back.
   - Make sure the candidate information is correct when importing the
   trainees. There is an option for accounts to automatically be created the
   first time they login if it doesn't exist. We have had dozens of duplicate
   accounts because email addresses we imported were aliases to what they
   actually login with.
   - Be prepared to manage each trainee individually once imported. After
   import, we found over 30 accounts that were no longer active and I had to
   deactivate each one manually.

I welcome any questions as to our experience with MediaPro either here or
offline.

Ron

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>


On Tue, Jan 17, 2017 at 3:31 PM, Johnson, Kyle A <KAJohnson () indianatech edu>
wrote:


We are implementing training using the company MediaPro. Their courses are
very customizable and can be rearranged very easily. The end of course
assessment dynamically builds in the background as you are choosing topics
as well. We are about a month away from rolling it out, so I am not sure
what the performance will look like, but so far, I have been impressed with
them and their products.



Hope this helps.



*Kyle Johnson*, GSEC, CEH

Information Security Officer

[image: INDTECH]

kajohnson () indianatech edu / www.IndianaTech.edu
<http://www.indianatech.edu/>

O: 260-422-5561 x2107 <(260)%20422-5561>

M: 260-343-1606 <(260)%20343-1606>

1600 E. Washington Blvd. / Fort Wayne, IN 46803



*PHISHING? Forward the email to abuse () indianatech edu
<abuse () indianatech edu> for reporting and investigation*



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Baillio, Aaron
*Sent:* Tuesday, January 17, 2017 3:26 PM

*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Online Security Awareness Training



We just went with a company called Lawroom who had an excellent 50 minute
security training.  We had them break it up unto 5 different modules based
on the information covered.  They are a mix of video, reading and quizzes
and is very professional and well done.  Additionally, it comes 503
compliant and integrated into our existing LMS system.



Very happy with it.



B. Aaron Baillio, Sec+, CEH, CISSP

*University of Oklahoma, Information Technology*

Managing Director, Security Operations and Architecture

O: 405-325-7948 <(405)%20325-7948>

C: 254-400-6404 <(254)%20400-6404>



Annual password changes are now required.  Visit accounts.ou.edu to
change your password today!







*From:* The EDUCAUSE Security Constituent Group Listserv [
mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
Behalf Of *Robert Smith
*Sent:* Tuesday, January 17, 2017 1:59 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Online Security Awareness Training



Hi,



We too are using SANS for annual training.  Feedback is generally
positive.  For year two, we added a shorter (~35 minute) refresher of the
SANS training.  We are looking at strategies for students and other ways to
make the training more effective for faculty/researchers.

Have a  marvelous day,



Robert Smith, CISSP, PMP

Systemwide IT Policy Director

*University of California*

(510) 587-6244 (o)

(510) 541-8103 (m)

robert.smith () ucop edu



*From:* The EDUCAUSE Security Constituent Group Listserv [
mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
Behalf Of *Todd Britton
*Sent:* Tuesday, January 17, 2017 11:51 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Online Security Awareness Training



Hi Linda,



                We have used SANS Securing the Human very successfully for
the past several years. Due to educational pricing, the cost was very low.
Our faculty and staff have provided feedback that they like the training
because it is concise, short in duration, and full of good information. We
are kicking off a plan to augment this offering with face-to-face training
to dive a little deeper. Happy to answer any questions you may have about
our experience with SANS. Good luck!



*Todd Britton, Ed.D.*

*PMP, CSM, CISM, CRISC, ITILv3F, MCSE, CGEIT*

Chief Information Officer (CIO)

Associate Vice President

Office of Information Technology



*University of La Verne*

1950 Third Street | La Verne, California | 91750

Office: 909 448 4124 <(909)%20448-4124>

Email or Video call: tbritton () laverne edu

laverne.edu





[image: University of La Verne 125th Anniversary: Generations of
Transforming Lives]



*From:* The EDUCAUSE Security Constituent Group Listserv [
mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
Behalf Of *Ludwig, Linda
*Sent:* Tuesday, January 17, 2017 11:38 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Online Security Awareness Training



I am researching online solutions for on-demand online security awareness
training for our faculty/staff. I did a search of the archives and did not
find any recent discussion of the topic since 2010 or so. So I was hoping I
could get some recent reviews of what is available for online information
security awareness. So far I have looked at SANS, Knowb4, and Inspire
eLearning.



I am interested in learning what other colleges are using and if you have
any reviews on the three I mentioned or others.



Thank you for your assistance,



Linda Ludwig

Information Security Awareness Specialist

Grinnell College

ludwigl () grinnell edu

Previous By Date Next
Previous By Thread Next

Current thread: