Re: Security Awareness Training Tool(s)

["Madl, Michael" <michael.madl () INDWES EDU>]

Kevin,

I had started the implementation of this product at my last institution and while I can’t say I completed it prior to 
switching jobs I can say that I liked it a lot.  The content delivery was straight forward, the price was right and the 
tracking was a nice feature.  What I wish could have been improved upon was the support.  You basically get a single 
‘set up’ call and that is it (so take good notes and record your session).  You can pay for additional services I 
believe but we did not have the funding to do so.

Thanks


MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953

765.677.2688   |   765.677.2020 FAX
michael.madl () indwes edu<mailto:mike.madl () indwes edu>

INDWES.EDU/IT<http://indwes.edu/IT>

[cid:image001.jpg@01D3436E.D1E0F1C0]

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message.




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Scott 
Stoops
Sent: Thursday, October 19, 2017 11:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Awareness Training Tool(s)

We have been looking into security awareness training and have looked at a couple of vendors. We are now looking into 
the SANS Securing The Human. I'd appreciate any feedback on how well this has worked out. What kinds of feedback has 
anyone gotten from their users?

On Thu, Oct 19, 2017 at 11:39 AM Kevin Cumberland <KCumberland () csmd edu<mailto:KCumberland () csmd edu>> wrote:
We use PhishMe also but just for the running phishing campaigns.  It's great for that as it has a lot of predefined 
templates for both phishing and creating awareness newsletters.  We use SANS Securing the Human for the content that we 
then import into our LMS.  We have mandated that all employees complete security awareness training

Kevin Cumberland
Network Security Administrator
Information Technology Services
College of Southern Maryland
kcumberland () csmd edu<mailto:kcumberland () csmd edu>
Phone: 301.539.4716<tel:(301)%20539-4716>


> > > Ronald Loneker <rloneker () CSE EDU<mailto:rloneker () CSE EDU>> 10/19/2017 11:25 AM >>>
Sorry I'm late to seeing this.
Phishme.com offers training with a phishing simulation program that they charge for. They also do have free training 
modules for those who cannot purchase their service - I was able to load them into our Moodle LMS to create a training 
course for our faculty and staff, although we have not mandated the training yet.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall, Room 202C
2 Convent Road<https://maps.google.com/?q=2+Convent+Road+Morristown,+NJ+07960&entry=gmail&source=g>
Morristown, NJ 07960<https://maps.google.com/?q=2+Convent+Road+Morristown,+NJ+07960&entry=gmail&source=g>

Phone: 973-290-4229<tel:973-290-4229>

e-mail: rloneker () cse edu<mailto:rloneker () cse edu>


CSE's IT department will never ask for your password, social security number or other personal information in an e-mail 
message.

Please do not share any information with others!







On Mon, Oct 9, 2017 at 7:49 AM, Martinez, Brian <brm () msu edu<mailto:brm () msu edu>> wrote:
Good morning all,
With it being National Cyber Security Awareness Month, this inquiry I’ve been sitting on seems particularly relevant:
We presently have some training tools for general security awareness, PCI training, and HIPAA training in our primary 
LMS and have been contemplating moving to a different platform (the tools, not the LMS). I’m curious to know what 
platforms/tools other institutions are using and whether or not they think it provides great value.
Specifically, I guess I’d like to know:

  *   Which training program are you using?
  *   Are there additional modules available such as PCI training? HIPAA? FERPA? Etc.
  *   Is it/can it be integrated with a Learning Management System?
  *   Do you think it provides great value to the userbase you support?
  *   Are you considering switching to something else? Why?
  *   Anything else you’d like to share (e.g. Do you have regular events promoting awareness? Phishing campaigns? Etc.)
Please feel free to contact me off list.
Thank you!
Brian R. Martinez
Information Security
Michigan State University
Office: +1-517-884-8791<tel:(517)%20884-8791>
brm () msu edu<mailto:brm () msu edu>

--
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu<mailto:sstoops () ashland edu>