Re: Mandatory IT Security training

[Andrew Chiarello <achiarello () BRYNMAWR EDU>]

Hi Brent,

Here are the answers for Bryn Mawr College. You can read more about our program here: 
http://lits.blogs.brynmawr.edu/7927

Does your university require IT security training for all employees?
Yes.

If so, what topics are covered?
It depends who you are and what College data you have access to. In addition to data handling and account privacy 
basics, those with access to student records have a FERPA module, and those with access to financial records have 
additional standards to review.

Do you require this training in order to stay compliant with some sort of regulation, or are you doing it because it is 
best practice?
Best practice and to mitigate risk to the College.

Do you require this training annually or just upon hire?
Both.



Andrew J. Chiarello

Lead Engineer, Infrastructure & Systems

Bryn Mawr College

achiarello () brynmawr edu

(610) 526-7966

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Haselhoff, 
Brent <brent.haselhoff () WKU EDU>
Sent: Tuesday, July 24, 2018 11:08:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory IT Security training


Hi Everyone,



We are currently evaluating our mandatory IT security training policies and procedures.  Does your university require 
IT security training for all employees?  If so, what topics are covered?  Do you require this training in order to stay 
compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training 
annually or just upon hire?

Thanks

Brent





Brent Haselhoff

Manager, IT Security and Identity Management

brent.haselhoff () wku edu<mailto:brent.haselhoff () wku edu>

270-745-2012