Educause Security Discussion mailing list archives

Re: Mandatory IT Security training


From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Tue, 24 Jul 2018 19:16:51 +0000

We require on-hire and annual general cybersecurity training as a part of our Institute's compliance campaign.  We vary 
the training by focusing on different topics every year.

We have specialized training for DFARS but don't manage that training in cyber.  We take just about everything out of 
scope for PCI DSS other than a handful of one-card-at-a-time transmit-only systems so we don't require any specialized 
training there.


Regards,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Haselhoff, Brent
Sent: Tuesday, 24 July, 2018 11:09
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory IT Security training

Hi Everyone,

We are currently evaluating our mandatory IT security training policies and procedures.  Does your university require 
IT security training for all employees?  If so, what topics are covered?  Do you require this training in order to stay 
compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training 
annually or just upon hire?
Thanks
Brent


Brent Haselhoff
Manager, IT Security and Identity Management
brent.haselhoff () wku edu
270-745-2012

