Security Training and Awareness Brad Reed, IT Security Analyst OIT – Information Security Office Securing the University – ITSS 2015.

1 Security Training and Awareness Brad Reed, IT Security Analyst OIT – Information Security Office Securing the University – ITSS 2015

2 Our Mission Security and Awareness Activities at Ohio University

3 Training Guidelines
The training and awareness model will be a centralized model per NIST SP800-50 definition (All responsibility resides with a central authority).
o The authority will fall under the direction of the OIT Security department with the bulk of the responsibilities centered on the security analyst(s).

4 Audience and Scope
The audience will consist of all levels and types of users within the Ohio University network. This should encompass any entity (local or third-party) having access to or interaction with Ohio University OIT systems and data. This scope allows for various training and awareness activities to ensure the security of Ohio University data and digital infrastructure.

5 Central Authority Training Model

6 Training Categories
As defined in NIST SP800-50 Section 2 and SP800-16, the IT Security Learning Continuum provides a multi-level approach to the types of educational activities offered by this program. All activities should be classified and documented into the following categories:
o Awareness
o Training
o Education
o Professional Development

7 Awareness Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.

8 Training Training strives to produce relevant and needed security skills and competencies.

9 Education Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge... and strives to produce IT security specialists and professionals capable of vision and pro-active response.

10 Professional Development Professional development is intended to ensure that users, from beginner to the career security professional, possess a required level of knowledge and competence necessary for their roles. Professional development validates skills through certification. Such development and successful certification can be termed “professionalization.” The preparatory work to testing for such a certification normally includes study of a prescribed body of knowledge or technical curriculum, and may be supplemented by on-the-job experience.

11 Proactive vs. Reactive
Security and Awareness is meant to be a proactive security function
o Bring awareness to potential threat agents
o Inform and train users of new security functions and procedures
o A means to move information and communicate with users
o Deliver new security issues to the community
o Open a two-way street for security concerns and communication

12 Awareness and Training Cycle

13 Cycle

14 What Do We Offer for YOU

15 Security Office Offerings
o Securing the Human awareness modules
o Securing the University training or awareness modules
o Face-to-Face Awareness or training Sessions
o Content specialist at events or department meetings

16 Securing the Human SANS

17 SANS Provided Materials
o Currently located in OU Blackboard
o Access is as easy as contacting the security department

18 http://blackboard.ohio.edu

19 Securing the Human - General

20 SANS Video

21 SANS Quiz

22 Benefits
Completing the Securing the Human series:
o Adds good-faith awareness training for compliance laws (HIPAA, FERPA, PCI)
o Awareness training is reviewed by the Internal Audit process and credit is received for all completed materials
o Brings awareness to possible security threats to your data

23 Securing the University Coming Soon

24 Locally built
o Created in-house to respond to OU-specific risks
o Can be used as a training tool to respond to new technology securely
o Can be tailored to specific requests and directed to the requesting department.
o Custom training can be mixed between Securing the Human and Securing the University videos, with administrative access given to the requesting department for auditing purposes.

25 Sample
https://ohio.qualtrics.com/jfe/preview/SV_8DrGQL0L9BLPuL3
Video - https://www.youtube.com/watch?v=Di-jbFlyUDQ

26 Face-to-Face Brown Bags, Department Workshops, and Staff Meetings

27 Face-to-Face Delivery
o Available to train departments
o Brown bag sessions
o Department meetings
o Departmental retreats
o Orientation
o Training credit is tracked for Internal Audits
o Customizable
o Interactive Q&A

28 ITSS (Information Technology Security Seminar)
o Held on an annual basis
o Focus is given for multiple crowds: Technical General University Public
o Awareness activities with light training

29 SANS Training

30 SANS Online Training
o In-Depth technical modules
o More technical and catered to IT community and IT policy managers
o University receives discount on training modules
o Between 12 and 24 purchased annually
https://www.sans.org/ondemand/

31 Brad Reed – IT Security Analyst reedb1@ohio.edu 740-593-9886 Thank You for your time!

