Educause Security Discussion mailing list archives
Re: Mandatory Awareness Training Enforcement
From: Alan Andersen <andersena () HUSSON EDU>
Date: Wed, 6 Jan 2021 14:04:10 -0500
We have found training our faculty and staff very effective in reducing folks falling for phishing schemes and being more aware before they click. We use a combination of annual training along with monthly simulated phishing and monthly tips/tricks. To start, we conducted a simulated phishing campaign to set a benchmark. I believe it was initially around 18%. Over two years we reduced that number to just under 5% which is well below the national average. It doesn't mean that we will never experience an incident of some type, but I do believe that our efforts have made us much safer. As far as compliance to the training goes, we do not hit 100% compliance. Mid 90's is about as good as we get. As someone else suggested and because us IT folks can be black and white sometimes, I'd love to be able to disable accounts until they complied, but culture wise, that is unlikely. *Alan Andersen* IT Project Manager *Ph: *207-941-7607 | *C: *207-852-9859 *Husson University* 1 College Circle Bangor ME 04401 On Wed, Jan 6, 2021 at 9:34 AM Menne, Michael S <michael.menne () mnsu edu> wrote:
How do you measure the mandated training to a reduction of risk in user behavior? Is the training effective at improving user behavior? Thank you, *Michael Menne, CISSP* *Chief Information Security Officer* *IT Solutions Information Security* *Minnesota State University, Mankato* *Phone: (507) 389-5705* *Cell: (507) 405-0717* https://mankato.mnsu.edu/cyberaware [image: signature_217893240] *Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.* *From: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Curt Kappenman < ckappenman () ANDERSONUNIVERSITY EDU> *Reply-To: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *Date: *Tuesday, January 5, 2021 at 10:26 AM *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> *Subject: *Re: [SECURITY] Mandatory Awareness Training Enforcement We disable the user account at the beginning of the next quarter if they fail to complete the training. They must contact the security department to have their account enabled and take the required training. Curt Kappenman *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Pardonek, Jim *Sent:* Tuesday, January 5, 2021 11:14 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Mandatory Awareness Training Enforcement Happy New Year everyone! I know this has been rehashed a few times but it appears that some of the archival information that used to be on the educause site is no longer there. I’m looking for information from schools that mandate annual information security awareness training. My question is what enforcement means are you using to get compliance? This is much appreciated. Thanks! *James Pardonek, MS, CISSP, CEH, GSNA* *Associate Director* *Chief Information Security Officer* * Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 * * (**: (773) 508-6086* *Loyola University Chicago will never ask you for your username or password.* *For the latest information security news at Loyola, please follow us online,* *Twitter: @LUCUISO* *Facebook: https://www.facebook.com/lucuiso/ <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C60f17cc6c3584c064d1508d8b196a7b1%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637454607916403648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=X7%2F3yn9VcAk8adCGGQTc3aA4qGXfM7RgjSM7qOzzidg%3D&reserved=0>* *Our Blog http://blogs.luc.edu/uiso/ <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C60f17cc6c3584c064d1508d8b196a7b1%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637454607916413642%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sw5cM5DRJGsCzknp0d6mGNe%2BD0Eit7jRhED5tTHilGY%3D&reserved=0>* ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C60f17cc6c3584c064d1508d8b196a7b1%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637454607916413642%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0uHt0jJAGY0kYMV0GP2zvU7ho0729vXzI4ajUJ73SmQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C60f17cc6c3584c064d1508d8b196a7b1%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637454607916423639%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2B1nAkAEgGtGru4uvTB5QYNqV3GlP6xX%2FuO%2FIU%2BWG49w%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Mandatory Awareness Training Enforcement Pardonek, Jim (Jan 05)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 05)
- <Possible follow-ups>
- Re: Mandatory Awareness Training Enforcement Menne, Michael S (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Menne, Michael S (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Pardonek, Jim (Jan 06)
- Re: Mandatory Awareness Training Enforcement Curt Kappenman (Jan 06)
- Re: Mandatory Awareness Training Enforcement Alan Andersen (Jan 06)
- Re: Mandatory Awareness Training Enforcement Tanner, Andrea (Jan 07)