Re: Mandatory Awareness Training Enforcement

["Tanner, Andrea" <atanner3 () CCBCMD EDU>]

Hello Michael,

Several years ago I watched an annual SANS Security Awareness Report presentation and they mentioned a document in the 
Q&A portion called the Interactive Matrix for Metrics. I got a copy of it from the Director there (Excel document) and 
it has been a great resource for me in thinking this question through.  Below is a screenshot of part of one of the 
tabs just to provide a few ideas in the area of “behaviors”.  I really like what they have put together and it might 
help you think about how to measure training effectiveness in a variety of ways.  If anyone wants a copy I am happy to 
send it out (email me at atanner3 () ccbcmd edu).  I didn’t attach here because I am not sure if the list accepts 
attachments.

[cid:image001.png@01D6E4F4.83C669E0]

Happy New Year,

Andrea
Pronouns: She/Her/Hers

Andrea Tanner, M.S.   | Senior Director, Technology Support | Community College of Baltimore County
Phone: 443-840-4155  | Catonsville Campus CLLB 104B            | atanner3 () ccbcmd edu<mailto:atanner3 () ccbcmd edu>
CCBC. The incredible value of education.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Menne, Michael 
S" <michael.menne () MNSU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, January 6, 2021 at 9:34 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Mandatory Awareness Training Enforcement

CAUTION: This email originated from outside of CCBC. Do not click links or open attachments unless you recognize the 
sender and know the content is safe.

How do you measure the mandated training to a reduction of risk in user behavior?  Is the training effective at 
improving user behavior?

Thank you,

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
Cell: (507) 405-0717
https://mankato.mnsu.edu/cyberaware<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmankato.mnsu.edu%2Fcyberaware&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611054107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5%2BVwhdvjsAXNCwQSpSIowjmDeZ6B%2Bhe6npCI9T9LIAc%3D&reserved=0>

[signature_217893240]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Curt Kappenman 
<ckappenman () ANDERSONUNIVERSITY EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, January 5, 2021 at 10:26 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Mandatory Awareness Training Enforcement

We disable the user account at the beginning of the next quarter if they fail to complete the training.  They must 
contact the security department to have their account enabled and take the required training.
Curt Kappenman

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Tuesday, January 5, 2021 11:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory Awareness Training Enforcement

Happy New Year everyone!

I know this has been rehashed a few times but it appears that some of the archival information that used to be on the 
educause site is no longer there.

I’m looking for information from schools that mandate annual information security awareness training.

My question is what enforcement means are you using to get compliance?

This is much appreciated.

Thanks!

James Pardonek, MS, CISSP, CEH, GSNA
Associate Director
Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: 
https://www.facebook.com/lucuiso/<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611054107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GceG5CmOzpaTGnQt%2BnYOkiOWFTIJ%2F9fOmO931u1KpDE%3D&reserved=0>
Our Blog 
http://blogs.luc.edu/uiso/<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611064108%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NfEwKaT0YZsqSFDoAPU2BRpR0TbBo6XFO0HyK2tV0NQ%3D&reserved=0>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611074096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YeyjsECnGJJD5IYNWYclG8wO5z8C%2FN7HwycEZ1StYEA%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611074096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YeyjsECnGJJD5IYNWYclG8wO5z8C%2FN7HwycEZ1StYEA%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Catanner3%40CCBCMD.EDU%7Cb4e0938890b14ff7d55508d8b25025ca%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637455404611084095%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZNmARBI%2BPeupi9E9iCsgeeGqQav%2FNFebvUmrWeKNd1E%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community