Re: Mandatory IT Security training

[Sharkirah Foote <footese () OIT RUTGERS EDU>]

At Rutgers Biomedical and Health Sciences we have mandatory, annual compliance training for our Code of Conduct, as 
well as for HIPAA compliance.  I get to provide training content to these modules regarding basic IT security concepts. 
 In our Education, Training and Awareness Policy we do hold Deans and senior management of the various schools and 
units responsible for ensuring that all members of their staff are trained in required Information Security concepts.

To assist the schools and units in the above effort, I conduct various types of Awareness and Education sessions that 
are not mandatory.  I also partner with senior management at the various schools and units to create customized 
training programs if there are identified issues that appear to not be addressed with the mandatory training.

During the new hire orientation process, I provide training materials and a presentation on IT security.  So, the 
university addresses IT security annually and upon hire.

I hope this helps.

[cid:image001.png@01D42346.985299A0]

Sharkirah E. Foote
Information Security Trainer
OIT/IPS - Information Security Office
Rutgers Biomedical and Health Sciences
30 Bergen Street, Newark, NJ  07107
P 973.972.1832   | F 973.972.1213  | rusecure.rutgers.edu

CONFIDENTIALITY NOTICE: This email communication may contain private, confidential, or legally privileged information 
intended for the sole use of the designated and/or duly authorized recipient(s). If you are not the intended recipient 
or have received this email in error, please notify the sender immediately by email and permanently delete all copies 
of this email including all attachments without reading them. If you are the intended recipient, secure the contents in 
a manner that conforms to all applicable state and/or federal requirements related to privacy and confidentiality of 
such information.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Haselhoff, Brent
Sent: Tuesday, July 24, 2018 11:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mandatory IT Security training

Hi Everyone,

We are currently evaluating our mandatory IT security training policies and procedures.  Does your university require 
IT security training for all employees?  If so, what topics are covered?  Do you require this training in order to stay 
compliant with some sort of regulation, or are you doing it because it is best practice? Do you require this training 
annually or just upon hire?
Thanks
Brent


Brent Haselhoff
Manager, IT Security and Identity Management
brent.haselhoff () wku edu<mailto:brent.haselhoff () wku edu>
270-745-2012