Educause Security Discussion mailing list archives
Re: Information Security Training
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Wed, 22 Aug 2018 16:15:49 +0000
A side note...quick reference that I assembled from a few sources....

Although I could not find a specific requirement for FERPA, it is mandatory for accreditation (this may affect what you are doing). If somebody does know where that could be in the FERPA reg, please let me know (I could have missed it).

| Security Awareness Compliance Requirement | Standard/Regulation | Location/Item | Affecting | Penalty |
|---|---|---|---|---|
| General Data Protection Regulation (GDPR, European Union) | regulation | Function of Data Protection Officer | EU citizens and privacy | yes |
| Gramm-Leach Bliley Act (GLBA) | regulation | Safeguard Rule | Financial Aid | yes |
| Health Insurance Portability and Accountability Act (HIPAA) | regulation | 164.308.(a).(5) | Clinics | yes |
| International Organization for Standardization (ISO) 27000 Framework | standard | 8.2.2 | Whole university | no |
| National Institute of Standards and Technology 800-171 Framework | standard | PR.AT-1 | Whole university | no |
| Payment Card Industry Data Security Standard | standard | 12.6 | Those areas that process credit cards | yes |

One Source - https://www.sans.org/sites/default/files/2017-12/sans-compliance-requirements.pdf

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Michael Muto
Sent: Wednesday, August 22, 2018 10:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security Training

Hello Will,

We are currently using the SANS Cybersecurity Awareness Platform to train our end users on security awareness. The platform allows you to choose different modules to assign out to your users. Feel free to contact me if you want to dig deeper into the SANS option.

Thanks,

Michael Muto
Senior Information Security Engineer
Duquesne University | Computing and Technology Services
600 Forbes Avenue, Pittsburgh, PA 15282
Phone: 412-396-4621
Email: mutom () duq edu
GSEC, MCSE, MCSA, MCTS, MCP, CCNA
Help Desk: 412-396-4357

CONFIDENTIALITY NOTICE: The information contained in this transmission may contain privileged and confidential information protected by federal and state privacy laws. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Telfer, Will
Sent: Wednesday, August 22, 2018 11:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Information Security Training

We are considering requiring some form of information security training for all of our faculty & staff (currently the only required training in this area is for users that touch PCI related systems) which I know was a topic discussed recently on here...but I was hoping to get some more information on what resources you all used for the training - SANS, internally created, other options, etc. We are willing to consider long form or short form trainings so any options are good options at this point.

Thank You,

Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.