Educause Security Discussion mailing list archives
Re: Security training/conference for senior executives
From: Brad Judy <brad.judy () CU EDU>
Date: Wed, 30 Aug 2017 16:01:15 +0000
Personally, I would not send senior executives to third-party security training. Develop your own training session that covers your institutions risks, policies, resources, etc. in the context of the broader information security landscape. Help them make the connections between what they might hear in the news and what that means to your campus. Give them a chance to ask about how it impacts specific topics of concern to them. Get more in-person time with them to build trust. It also forces you to be able to answer a lot of questions they might have: · Does (HIPAA, GLBA, EU GDPR, FISMA, PCI, etc.) apply to us? · What would a breach cost us? · Would our insurance cover that? · How many records with SSNs do we have? · How much do we spend on information security? · What things do we do to protect data? · Do we store sensitive information with third-parties? · How/when do we engage with law enforcement? · What about this thing I heard in the news? Even if it means spending a good chunk of time getting multiple face-to-face meetings scheduled, spending 30-60 minutes with each senior executive (or them as a group) can have immense value in building their understanding of the issues and their trust in you to chart a path to address them. Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu/> [u-logo_fl] From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Alan Bowen <abowen () FANDM EDU> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, August 30, 2017 at 8:13 AM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Security training/conference for senior executives Hello, Can anyone recommend a short training session or conference for senior executive(s) that are not information security practitioners? The goal is to raise their level of knowledge about information security topics. I’ve had the benefit of attending SANS training but the appropriate classes seem to be five days long and that’s simply not going to work. — Alan Bowen Chief Information Security Officer Franklin and Marshall College
Current thread:
- Security training/conference for senior executives Alan Bowen (Aug 30)
- Re: Security training/conference for senior executives Jones, Justin (Aug 30)
- Re: Security training/conference for senior executives Brad Judy (Aug 30)
- Re: Security training/conference for senior executives Frank Barton (Aug 30)
- Re: Security training/conference for senior executives Charles Curtis (Aug 30)
- Re: Security training/conference for senior executives Frank Barton (Aug 30)
- Re: Security training/conference for senior executives Radhakrishnan, Rashmi (Aug 30)
- Re: Security training/conference for senior executives Greg Williams (Aug 30)
- <Possible follow-ups>
- Re: Security training/conference for senior executives John Kristoff (Aug 30)