Educause Security Discussion mailing list archives
Re: Online Security Awareness Training
From: Ronald King <ronald.king () MORGAN EDU>
Date: Tue, 17 Jan 2017 21:36:10 -0500
We too use MediaPro. We rolled it out in November. We compared them with Wombat, SANS, and Awareity. The training is excellent and very customizable. We have had a lot of positive feedback from the candidates. We chose them because of the flexibility and the variety of modules. We expect other departments to use it for other types of training, such as PCI for Bookstore employees. Another positive is the interactive nature and various methods of training. Some include videos but many require the users to click to learn more or participate in various activities. The reports that are generated are very in depth and you can build teams (AKA departments) so others can manage, say the bookstore manager for PCI training mentioned a moment ago. However, we decided to use the LMS they partnered with. It is limited in many areas that we need from a management aspect. The training is mandatory for all faculty and staff. So, we must track progress. The LMS does not do this except to record when the user logged in or completed the training. I want to know if the % complete when a user stated they completed the training. The LMS limits you to one notification based on time. We really need more. We are manually sending messages out to users that are past due for training. I am at the point that I am looking at alternatives to move to for the LMS side even though we have two more years left. I looked at SANS before. Its good, especially for the HiEd price, but, when I tested it, it was all videos and it didn't track progress. I wanted more to keep candidates interested. Kyle, here a re few lessons learned and recommendations: - Take heed that the training is not compatible on cell phones. The biggest complaint is the users that have completed the training but have not had their scores recorded. Talk to MediaPro for more details on why this is. - Encourage the candidates to save their certificate of completion and assessment scores. If you have to track who has completed, this will be your fall back. - Make sure the candidate information is correct when importing the trainees. There is an option for accounts to automatically be created the first time they login if it doesn't exist. We have had dozens of duplicate accounts because email addresses we imported were aliases to what they actually login with. - Be prepared to manage each trainee individually once imported. After import, we found over 30 accounts that were no longer active and I had to deactivate each one manually. I welcome any questions as to our experience with MediaPro either here or offline. Ron *Ronald A. King, CISSP* Chief Information Security Officer Morgan State University Office: (443) 885-3372 1700 E. Cold Spring Ln. Email: ronald.king () morgan edu Baltimore, MD 21251 URL: http://www.morgan.edu *Growing the future ... Leading the world* <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf> On Tue, Jan 17, 2017 at 3:31 PM, Johnson, Kyle A <KAJohnson () indianatech edu> wrote:
We are implementing training using the company MediaPro. Their courses are very customizable and can be rearranged very easily. The end of course assessment dynamically builds in the background as you are choosing topics as well. We are about a month away from rolling it out, so I am not sure what the performance will look like, but so far, I have been impressed with them and their products. Hope this helps. *Kyle Johnson*, GSEC, CEH Information Security Officer [image: INDTECH] kajohnson () indianatech edu / www.IndianaTech.edu <http://www.indianatech.edu/> O: 260-422-5561 x2107 <(260)%20422-5561> M: 260-343-1606 <(260)%20343-1606> 1600 E. Washington Blvd. / Fort Wayne, IN 46803 *PHISHING? Forward the email to abuse () indianatech edu <abuse () indianatech edu> for reporting and investigation* *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Baillio, Aaron *Sent:* Tuesday, January 17, 2017 3:26 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Online Security Awareness Training We just went with a company called Lawroom who had an excellent 50 minute security training. We had them break it up unto 5 different modules based on the information covered. They are a mix of video, reading and quizzes and is very professional and well done. Additionally, it comes 503 compliant and integrated into our existing LMS system. Very happy with it. B. Aaron Baillio, Sec+, CEH, CISSP *University of Oklahoma, Information Technology* Managing Director, Security Operations and Architecture O: 405-325-7948 <(405)%20325-7948> C: 254-400-6404 <(254)%20400-6404> Annual password changes are now required. Visit accounts.ou.edu to change your password today! *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Robert Smith *Sent:* Tuesday, January 17, 2017 1:59 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Online Security Awareness Training Hi, We too are using SANS for annual training. Feedback is generally positive. For year two, we added a shorter (~35 minute) refresher of the SANS training. We are looking at strategies for students and other ways to make the training more effective for faculty/researchers. Have a marvelous day, Robert Smith, CISSP, PMP Systemwide IT Policy Director *University of California* (510) 587-6244 (o) (510) 541-8103 (m) robert.smith () ucop edu *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Todd Britton *Sent:* Tuesday, January 17, 2017 11:51 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Online Security Awareness Training Hi Linda, We have used SANS Securing the Human very successfully for the past several years. Due to educational pricing, the cost was very low. Our faculty and staff have provided feedback that they like the training because it is concise, short in duration, and full of good information. We are kicking off a plan to augment this offering with face-to-face training to dive a little deeper. Happy to answer any questions you may have about our experience with SANS. Good luck! *Todd Britton, Ed.D.* *PMP, CSM, CISM, CRISC, ITILv3F, MCSE, CGEIT* Chief Information Officer (CIO) Associate Vice President Office of Information Technology *University of La Verne* 1950 Third Street | La Verne, California | 91750 Office: 909 448 4124 <(909)%20448-4124> Email or Video call: tbritton () laverne edu laverne.edu [image: University of La Verne 125th Anniversary: Generations of Transforming Lives] *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Ludwig, Linda *Sent:* Tuesday, January 17, 2017 11:38 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Online Security Awareness Training I am researching online solutions for on-demand online security awareness training for our faculty/staff. I did a search of the archives and did not find any recent discussion of the topic since 2010 or so. So I was hoping I could get some recent reviews of what is available for online information security awareness. So far I have looked at SANS, Knowb4, and Inspire eLearning. I am interested in learning what other colleges are using and if you have any reviews on the three I mentioned or others. Thank you for your assistance, Linda Ludwig Information Security Awareness Specialist Grinnell College ludwigl () grinnell edu
Current thread:
- Online Security Awareness Training Ludwig, Linda (Jan 17)
- Re: Online Security Awareness Training Jones, Justin (Jan 17)
- Re: Online Security Awareness Training Todd Britton (Jan 17)
- Re: Online Security Awareness Training Robert Smith (Jan 17)
- Re: Online Security Awareness Training Baillio, Aaron (Jan 17)
- Re: Online Security Awareness Training Johnson, Kyle A (Jan 17)
- Re: Online Security Awareness Training Adam Maynard (Jan 17)
- Re: Online Security Awareness Training Ronald King (Jan 17)
- Re: Online Security Awareness Training Robert Smith (Jan 17)
- Re: Online Security Awareness Training Viegas, George (Jan 17)
- Re: Online Security Awareness Training Ludwig, Linda (Jan 18)
- <Possible follow-ups>
- Re: Online Security Awareness Training Hudson, Edward (Jan 17)
- Re: Online Security Awareness Training Ken Connelly (Jan 17)