Educause Security Discussion mailing list archives
Re: Mandatory IT Security training
From: John Chapman <John.Chapman () JISC AC UK>
Date: Tue, 24 Jul 2018 16:08:21 +0000
It’s a different country, but you may be interested in the latest survey findings from the UK that shows that 57% UK universities have mandatory security awareness training for their staff and 29% have optional training available. See slide 35 for details: https://community.jisc.ac.uk/groups/security-products-and-services/article/cyber-security-posture-survey-2018-how-secure-are-you John – Dr John Chapman Head of security operations centre M 07468 727058 Twitter <http://twitter.com/chapman_john> http://twitter.com/chapman_john Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valerie Vogel Sent: 24 July 2018 16:51 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Mandatory IT Security training Hi Brent, The 2016 CDS Spotlight: Information Security has some information on the second page about institutions with infosec training and whether it’s mandatory for faculty/staff or students. https://library.educause.edu/resources/2016/8/cds-spotlight-information-security The 2018 CDS <https://www.educause.edu/cds> survey recently launched, so we will have new infosec module data available for comparison in early 2019. Thank you, Valerie Valerie Vogel Senior Manager, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | twitter: @HEISCouncil | <mailto:vvogel () educause edu> vvogel () educause edu From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > on behalf of WALTER KERNER <walter_kerner () FITNYC EDU <mailto:walter_kerner () FITNYC EDU> > Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > Date: Tuesday, July 24, 2018 at 8:34 AM To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Mandatory IT Security training Hi Brent. We require some basic IT Sec training: things like recognizing phishing, good password practices, and a general awareness module. However, there isn’t much enforcement behind the requirement. We also require more specific training for people who handle credit cards, per PCI requirements. Walter Kerner AVP and CISO 333 7th Avenue, 13th Floor New York, NY 10001 Voice: 212-217-3415 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> ] On Behalf Of Haselhoff, Brent Sent: Tuesday, July 24, 2018 11:09 AM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Mandatory IT Security training Hi Everyone, We are currently evaluating our mandatory IT security training policies and procedures. Does your university require IT security training for all employees? If so, what topics are covered? Do you require this training in order to stay compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training annually or just upon hire? Thanks Brent Brent Haselhoff Manager, IT Security and Identity Management <mailto:brent.haselhoff () wku edu> brent.haselhoff () wku edu 270-745-2012
Attachment:
smime.p7s
Description:
Current thread:
- Mandatory IT Security training Haselhoff, Brent (Jul 24)
- Re: Mandatory IT Security training WALTER KERNER (Jul 24)
- Re: Mandatory IT Security training Valerie Vogel (Jul 24)
- Re: Mandatory IT Security training John Chapman (Jul 24)
- Re: Mandatory IT Security training Valerie Vogel (Jul 24)
- Re: Mandatory IT Security training Pardonek, Jim (Jul 24)
- Re: Mandatory IT Security training Hiram Wong (Jul 24)
- Re: Mandatory IT Security training Telfer, Will (Jul 24)
- Re: Mandatory IT Security training Gomez, Joshua (Jul 24)
- Re: Mandatory IT Security training Barton, Robert W. (Jul 24)
- Re: Mandatory IT Security training Ronald King (Jul 31)
- Re: Mandatory IT Security training Dan Lewis (Jul 31)
- Re: Mandatory IT Security training Barton, Robert W. (Jul 24)
- Re: Mandatory IT Security training WALTER KERNER (Jul 24)
- Re: Mandatory IT Security training Sharkirah Foote (Jul 24)
- Re: Mandatory IT Security training Andrew Chiarello (Jul 24)
- Re: Mandatory IT Security training Scott Gennari (Jul 24)