Security Training and Awareness Brad Reed, IT Security Analyst OIT – Information Security Office Securing the University – ITSS 2015.


Our Mission Security and Awareness Activities at Ohio University

Training Guidelines
- The training and awareness model will be a centralized model per NIST SP definition (All responsibility resides with a central authority).
  - The authority will fall under the direction of the OIT Security department with the bulk of the responsibilities centered on the security analyst(s).

Audience and Scope
- The audience will consist of all levels and types of users within the Ohio University network. This should encompass and include any entity (local or third-party) having access to or interaction with Ohio University OIT systems and data. This scope allows for various training and awareness activities to ensure the security of the Ohio University data and digital infrastructure.

Central Authority Training Model

Training Categories
- As defined in NIST SP Section 2 and SP800-16, the IT Security Learning Continuum provides a multi-level approach to the types of educational activities offered by this program. All activities should be classified and documented into the following categories:
  - Awareness
  - Training
  - Education
  - Professional Development

Awareness
Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.

Training
Training strives to produce relevant and needed security skills and competencies.

Education
Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge... and strives to produce IT security specialists and professionals capable of vision and pro-active response.

Professional Development
Professional development is intended to ensure that users, from beginner to the career security professional, possess a required level of knowledge and competence necessary for their roles. Professional development validates skills through certification. Such development and successful certification can be termed “professionalization.” The preparatory work to testing for such a certification normally includes study of a prescribed body of knowledge or technical curriculum, and may be supplemented by on-the-job experience.

Proactive vs. Reactive
Security and Awareness is meant to be a proactive security function
- Bring awareness to potential threat agents
- Inform and train users of new security functions and procedures
- A means to move information and communicate with users
- Deliver new security issues to the community
- Open a two-way street for security concerns and communication

Awareness and Training Cycle

Cycle

What Do We Offer for YOU

Security Office Offerings
- Securing the Human awareness modules
- Securing the University training or awareness modules
- Face-to-Face awareness or training sessions
- Content specialist at events or department meetings

Securing the Human SANS

SANS Provided Materials
- Currently located in OU Blackboard
- Access is as easy as contacting the security department

Securing the Human - General

SANS Video

SANS Quiz

Benefits
Completing the Securing the Human series:
- Adds good-faith awareness training for compliance laws (HIPAA, FERPA, PCI)
- Awareness training is reviewed by the Internal Audit process and credit is received for all completed materials
- Brings awareness to possible security threats to your data

Securing the University Coming Soon

Locally built
- Created in-house to respond to OU-specific risks
- Can be used as a training tool to respond to new technology securely
- Can be catered to specific requests and directed to the requesting department.
- Custom training can be mixed between Securing the Human and Securing the University videos, with administrative access given to the requesting department for auditing purposes.

Sample uL3 uL3 Video -

Face-to-Face Brown Bags, Department Workshops, and Staff Meetings

Face-to-Face Delivery
- Available to train departments
- Brown bag sessions
- Department meetings
- Departmental retreats
- Orientation
- Training credit is tracked for Internal Audits
- Customizable
- Interactive Q&A

ITSS (Information Technology Security Seminar)
- Held on an annual basis
- Focus is given for multiple crowds: Technical General University Public
- Awareness activities with light training

SANS Training

SANS Online Training
- In-depth technical modules
- More technical and catered to IT community and IT policy managers
- University receives discount on training modules
- Between 12 and 24 purchased annually

Brad Reed – IT Security Analyst Thank You for your time!