Educause Security Discussion mailing list archives

Re: Mandatory IT Security training


From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 24 Jul 2018 15:51:18 +0000

Hi Brent,

The 2016 CDS Spotlight: Information Security has some information on the second page about institutions with infosec 
training and whether it’s mandatory for faculty/staff or students. 
https://library.educause.edu/resources/2016/8/cds-spotlight-information-security

The 2018 CDS (https://www.educause.edu/cds) survey recently launched, so we will have new infosec module data available 
for comparison in early 2019.

Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | twitter: @HEISCouncil | vvogel () educause edu

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of WALTER KERNER <walter_kerner () FITNYC EDU>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, July 24, 2018 at 8:34 AM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Mandatory IT Security training

Hi Brent.  We require some basic IT Sec training:  things like recognizing phishing, good password practices, and a 
general awareness module.  However, there isn’t much enforcement behind the requirement.

We also require more specific training for people who handle credit cards, per PCI requirements.



Walter Kerner
AVP and CISO
333 7th Avenue, 13th Floor
New York, NY 10001
Voice: 212-217-3415

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Haselhoff, Brent
Sent: Tuesday, July 24, 2018 11:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory IT Security training

Hi Everyone,

We are currently evaluating our mandatory IT security training policies and procedures.  Does your university require 
IT security training for all employees?  If so, what topics are covered?  Do you require this training in order to stay 
compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training 
annually or just upon hire?
Thanks
Brent


Brent Haselhoff
Manager, IT Security and Identity Management
brent.haselhoff () wku edu
270-745-2012

