Educause Security Discussion mailing list archives
Re: Mandatory Security Training in Higher Education
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 19 Oct 2006 15:04:11 -0400
When any faculty, staff, student, or affiliate activates their campus account for the first time, they are taken through a series of web pages and quizzes covering elementary security awareness material. When a person subsequently changes their password, which they must do at least every 90 days, they are taken through a different set of web pages that are updated as circumstances and threats warrant. There is no quiz on this material so there is nothing stopping a person from clicking through it and responses to an automatically sent follow up survey indicate this is not uncommon. Other responses, however indicate the material is being taken seriously. The material consists of static web pages in a session whose flow is controlled by Mason. The material is not publicly accessible at this time for a variety of technical reasons that haven't been a priority to resolve. We have been writing the content in-house. We've discussed the pros and cons of getting professional teaching and presentation help several times but haven't yet taken that step. Every time someone goes through the material, they are sent an e-mail message with links to resources mentioned or displayed in the content, a link to the content itself, and a link to a web based survey. The survey asks about convenience, relevance, difficulty, and effectiveness and solicits suggestions. Most of the responses are supportive of the program with a fair number of complaints and a small number of colorful responses. Switching the password change policy from 190 days to 90 days increased the complaints somewhat so we're making an effort to cut down the amount of material and refresh it more often. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Re: Mandatory Security Training in Higher Education, (continued)
- Re: Mandatory Security Training in Higher Education Jim Dillon (Oct 18)
- Re: Mandatory Security Training in Higher Education Chad McDonald (Oct 18)
- Re: Mandatory Security Training in Higher Education Theresa M Rowe (Oct 19)
- Re: Mandatory Security Training in Higher Education Tracy Mitrano (Oct 19)
- Re: Mandatory Security Training in Higher Education Theresa M Rowe (Oct 19)
- Re: Mandatory Security Training in Higher Education Valdis Kletnieks (Oct 19)
- Re: Mandatory Security Training in Higher Education Jim Dillon (Oct 19)
- Re: Mandatory Security Training in Higher Education Jim Dillon (Oct 19)
- Re: Mandatory Security Training in Higher Education Roger Safian (Oct 19)
- Re: Mandatory Security Training in Higher Education Youngquist, Jason R. (Oct 19)
- Re: Mandatory Security Training in Higher Education Gary Flynn (Oct 19)
- Re: Mandatory Security Training in Higher Education James Moore (Oct 19)
- Re: Mandatory Security Training in Higher Education Jeff McCabe (Nov 06)