Re: Mandatory IT Security training

[WALTER KERNER <walter_kerner () FITNYC EDU>]

Hi Brent.  We require some basic IT Sec training:  things like recognizing
phishing, good password practices, and a general awareness module.
However, there isn’t much enforcement behind the requirement.



We also require more specific training for people who handle credit cards,
per PCI requirements.







Walter Kerner

AVP and CISO

[image: blue]

333 7th Avenue, 13th Floor

New York, NY 10001

Voice: 212-217-3415



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Haselhoff, Brent
*Sent:* Tuesday, July 24, 2018 11:09 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Mandatory IT Security training



Hi Everyone,



We are currently evaluating our mandatory IT security training policies and
procedures.  Does your university require IT security training for all
employees?  If so, what topics are covered?  Do you require this training
in order to stay compliant with some sort of regulation, or are you doing
it because it is best practice? Do you require this training annually or
just upon hire?

Thanks

Brent





Brent Haselhoff

Manager, IT Security and Identity Management

brent.haselhoff () wku edu

270-745-2012