[CoIT-Security] Security training @ SWOSU

[Mason, Rene]

This weekend I will be pulling some things together with what I currently use and then start looking for ideas.  I am not sure what visions or other avenues other might be thinking about for training.

Here are some quick things I have thought about that we can discuss as starting points which may lead trigger other thoughts.  I think this might be a good starting block to generate conversation.

Email/Phishing security (this is mainly what I do)
Account/Password security  - best practice for users (do's and don'ts);  This may trigger what IT should consider for single sign-on pros & con
Web surfing security
Importance of guarding PII
Is training for student  vs. faculty/staff handled differently
What methods of training/awareness initiatives  (online, in person, posters, student activities etc.)

Let me know if there are any other ideas and how we want to move forward from here.

Rene'

From: Biggers, Anna L. [mailto:abiggers at ou.edu]
Sent: Friday, September 09, 2016 9:06 AM
To: Mason, Rene <rene.mason at swosu.edu>; CoIT-Security at lists.onenet.net
Subject: RE: Security training @ SWOSU

This is great!  Sounds like you are further along than some of us.  Once I get the repository set up, I hope you will post some of your content there.  I would also ask you to consider facilitating a conversation - perhaps where you share some of your content and what you are doing, and then generate a conversation or Q&A from the group.  Let me know if you are up for it!

Thanks again - glad to have you as part of the group!
Anna

From: coit-security-bounces at lists.onenet.net<mailto:coit-security-bounces at lists.onenet.net> [mailto:coit-security-bounces at lists.onenet.net] On Behalf Of Mason, Rene
Sent: Wednesday, September 7, 2016 8:32 PM
To: CoIT-Security at lists.onenet.net<mailto:CoIT-Security at lists.onenet.net>
Subject: [CoIT-Security] Security training @ SWOSU

Hello,

I am the network administrator for Southwestern Oklahoma State University.  Per the meeting we had yesterday,  we do "some security training" for all of our staff.  All new employees go through a orientation session.  I have a segment in this training.  I go over account information and then I transition to a section on security.  My main emphasis is on phishing emails by going over emails and point out various red flags to look for in emails.  Then I end with a few tips on things to keep their SWOSU and personal accounts more secure and tips of how to keep some of their personal data safe; hoping that making it personal for them.

I have been planning on making security training to be a required online testing to be done 2-4 time a year with different parts of security in each section (15 minutes of time).  All SWOSU employees have mandated online training require.  The trainings varies with yearly, twice a year and 4 times a year.  This will fit in with those.  I just visited with our HR department today and they are in agreement with this.

We are also looking at incorporating something like this for students as well.  Student receive a quarterly email from us warning about phishing emails.  Since we have quite a bit more trouble students, we are toying with the idea of making them take test or possible view a video before we reactive their accounts if they are shutdown do to becoming compromised.

We have already been planning for October cybersecurity month.  We have posters made up and have been handing out information.  We just had an organizational fair in order to get students to our booth we had a drawing for some prizes.

I know we are not doing much at this time but would like to do more as we move forward.  I look forward to getting more ideas.

Rene' Mason
Southwestern Oklahoma State University
Network Administrator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20160914/1494041b/attachment.html>