Educause Security Discussion mailing list archives

Re: Security training/conference for senior executives


From: Brad Judy <brad.judy () CU EDU>
Date: Wed, 30 Aug 2017 16:01:15 +0000

Personally, I would not send senior executives to third-party security training.  Develop your own training session 
that covers your institution's risks, policies, resources, etc. in the context of the broader information security 
landscape.  Help them make the connections between what they might hear in the news and what that means to your campus. 
 Give them a chance to ask about how it impacts specific topics of concern to them.  Get more in-person time with them 
to build trust.

It also forces you to be able to answer a lot of questions they might have:


· Does (HIPAA, GLBA, EU GDPR, FISMA, PCI, etc.) apply to us?
· What would a breach cost us?
· Would our insurance cover that?
· How many records with SSNs do we have?
· How much do we spend on information security?
· What things do we do to protect data?
· Do we store sensitive information with third parties?
· How/when do we engage with law enforcement?
· What about this thing I heard in the news?

Even if it means spending a good chunk of time getting multiple face-to-face meetings scheduled, spending 30-60 minutes 
with each senior executive (or them as a group) can have immense value in building their understanding of the issues 
and their trust in you to chart a path to address them.

Brad Judy

Information Security Officer
Office of Information Security
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu<http://www.cu.edu/>




From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Alan Bowen <abowen () FANDM EDU>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, August 30, 2017 at 8:13 AM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Security training/conference for senior executives

Hello,

Can anyone recommend a short training session or conference for senior executive(s) that are not information security 
practitioners?  The goal is to raise their level of knowledge about information security topics. I’ve had the benefit 
of attending SANS training but the appropriate classes seem to be five days long and that’s simply not going to work.

—
Alan Bowen
Chief Information Security Officer
Franklin and Marshall College




