Re: Security Awareness Training Tool(s)

["Husfield, John C" <jchusfield () ECSU EDU>]

AT ECSU we are using KnowBe4. They have really engaging videos with basic hacking demos and metrics for attestation. I 
have used SANS Securing the human and it is very good too. Both hit very specific target subject areas very well.

In the end we subscribed to KnowBe4 for the engaging content and a super pricing deal. I have had very positive 
feedback to a basic after-survey of both training systems.

Best regards,

John Husfield, MS
Information Security Officer

Elizabeth City State University
1704 Weeksville Rd. Elizabeth City, NC 27909
phone: 252.335.2497
email: jchusfield () ecsu edu<mailto:jchusfield () ecsu edu>
[ECSU Email Signature Logo]

Lynda.com is free for ECSU students, faculty and staff. Learn business, software and creative skills-anytime, 
anywhere-with video instruction from industry experts. Try it out today!  Click on the icon to sign in through the DIT 
SSO portal.


With Office 365<https://www.microsoft.com/en-us/education/products/office/default.aspx> you can view, edit, and share 
Microsoft Word, Excel, PowerPoint, and OneNote files on your devices using a web browser, so you can work anywhere.  
Store your files in the cloud with OneDrive and collaborate with other ECSU students, faculty and staff.  Download the 
latest version of Microsoft apps, including Skype for Business, onto 5 different devices.  Click on the icon to sign in 
through our SSO portal.


Confidentiality Notice:
This message (including any attachments) may contain confidential, proprietary, privileged and/or private information. 
The information is intended to be for the use of the individual or entity designated above. If you are not the intended 
recipient of this message, please notify the sender immediately, and delete the message and any attachments. Any 
disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other 
than the intended recipient is prohibited.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hendra 
Hendrawan
Sent: Friday, October 20, 2017 12:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Awareness Training Tool(s)

+1

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Francisco Chavez
Sent: Thursday, October 19, 2017 11:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Training Tool(s)

Scott,

            We just rolled out our security Awareness Training for faculty and staff this month. We are using SANS 
Securing The Human training modules and delivering it through our Moodle LMS. We have built in course feedback to 
capture their impressions on the course. Overall, we have had very positive results. People are very happy about how 
engaging the content is for them. However, i would definitely review the content before you decide to include it in the 
course. Some modules are very specific and don’t necessarily apply to faculty/staff.

We have found through research that if we keep the course around 30 min people are more likely to complete the full 
course.

Hope this helps!

Regards,
Francisco Chavez


[cid:image003.jpg@01D34CBB.71F6EE80]



Network and Systems Engineer
fac3 () stmarys-ca edu<mailto:fac3 () stmarys-ca edu>
Office: (925) 631-8236



On Oct 19, 2017, at 8:43 AM, Scott Stoops <sstoops () ASHLAND EDU<mailto:sstoops () ASHLAND EDU>> wrote:

We have been looking into security awareness training and have looked at a couple of vendors. We are now looking into 
the SANS Securing The Human. I'd appreciate any feedback on how well this has worked out. What kinds of feedback has 
anyone gotten from their users?

On Thu, Oct 19, 2017 at 11:39 AM Kevin Cumberland <KCumberland () csmd edu<mailto:KCumberland () csmd edu>> wrote:
We use PhishMe also but just for the running phishing campaigns.  It's great for that as it has a lot of predefined 
templates for both phishing and creating awareness newsletters.  We use SANS Securing the Human for the content that we 
then import into our LMS.  We have mandated that all employees complete security awareness training

Kevin Cumberland
Network Security Administrator
Information Technology Services
College of Southern Maryland
kcumberland () csmd edu<mailto:kcumberland () csmd edu>
Phone: 301.539.4716<tel:(301)%20539-4716>


> > > Ronald Loneker <rloneker () CSE EDU<mailto:rloneker () CSE EDU>> 10/19/2017 11:25 AM >>>
Sorry I'm late to seeing this.
Phishme.com<http://Phishme.com> offers training with a phishing simulation program that they charge for. They also do 
have free training modules for those who cannot purchase their service - I was able to load them into our Moodle LMS to 
create a training course for our faculty and staff, although we have not mandated the training yet.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall, Room 202C
2 Convent Road<https://maps.google.com/?q=2+Convent+Road+Morristown,+NJ+07960&entry=gmail&source=g>
Morristown, NJ 07960<https://maps.google.com/?q=2+Convent+Road+Morristown,+NJ+07960&entry=gmail&source=g>

Phone: 973-290-4229<tel:973-290-4229>

e-mail: rloneker () cse edu<mailto:rloneker () cse edu>


CSE's IT department will never ask for your password, social security number or other personal information in an e-mail 
message.

Please do not share any information with others!







On Mon, Oct 9, 2017 at 7:49 AM, Martinez, Brian <brm () msu edu<mailto:brm () msu edu>> wrote:
Good morning all,
With it being National Cyber Security Awareness Month, this inquiry I’ve been sitting on seems particularly relevant:
We presently have some training tools for general security awareness, PCI training, and HIPAA training in our primary 
LMS and have been contemplating moving to a different platform (the tools, not the LMS). I’m curious to know what 
platforms/tools other institutions are using and whether or not they think it provides great value.
Specifically, I guess I’d like to know:

  *   Which training program are you using?
  *   Are there additional modules available such as PCI training? HIPAA? FERPA? Etc.
  *   Is it/can it be integrated with a Learning Management System?
  *   Do you think it provides great value to the userbase you support?
  *   Are you considering switching to something else? Why?
  *   Anything else you’d like to share (e.g. Do you have regular events promoting awareness? Phishing campaigns? Etc.)
Please feel free to contact me off list.
Thank you!
Brian R. Martinez
Information Security
Michigan State University
Office: +1-517-884-8791<tel:(517)%20884-8791>
brm () msu edu<mailto:brm () msu edu>

--
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu<mailto:sstoops () ashland edu>