Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Mandatory IT Security training

From: Scott Gennari <sgennari () SIMONS-ROCK EDU>
Date: Tue, 24 Jul 2018 13:12:04 -0400
On 07/24/2018 11:08 AM, Haselhoff, Brent wrote:


Hi Everyone,
We are currently evaluating our mandatory IT security training policies and procedures.  Does your university require IT security training for all employees?  If so, what topics are covered?  Do you require this training in order to stay compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training annually or just upon hire? 




Hi Brent,
State regulation  (MA  201 CMR 17.00) requires our college to provide annual security training for all of our employees. We have chosen to go with SANS 'Securing the Human' training modules that cover email, phishing, messaging, social media, working remotely, security @ home, insider threats, Gramm Leach Billey Act, international travel, EU GDPR, Help Desk/IT staff functions among a few others.
We are still pushing to get all our of existing employees to take and complete these online training module just once ... but annual training is our goal. 

Scott

--
Scott Gennari
ITS System Administrator
Bard College at Simon's Rock
Previous By Date Next
Previous By Thread Next

Current thread: