
Hello all,

 

I’m considering sending some staff to training (and/or certification) on HIPAA and PCI-DSS.  This should be classes targeted for security analysts who work on compliance assessments.

 

What good or bad experiences have EDUCAUSE folks had?  Any recommendations?  Companies to avoid?

 

I don’t want to send staff to training that doesn’t add value to what they already know or can pick up from reading the compliance documents.

 

Thanks,

ajw

--

A. J. Wright 
Chief Information Security Officer

 

University of Tennessee – System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN  37996-1717
Phone:  865-974-0637

Email: ajw@tennessee.edu

 

Comments

The real question is, does any good training even exist for the HIPAA security rule?  There is a ton of training for the privacy bits and for office staff.  Very little to nothing for the security side as far as I have found.

 

Dan Basile

Information Security Officer

Texas A&M Health Science Center

 

Hi A.J.,

 

Might I suggest you consider a more holistic approach and, rather than sending folks to targeted HIPAA or PCI training, target key staff for possible CISSP or CISA training and certification? Between the exams, textbooks and test databases, neither of my certifications cost more than $1,000 and they will be exposed to all applicable regulations.

 

Both of these are good (CISSP is better) at providing an overall understanding of compliance requirements (including HIPAA and PCI) in an IT shop.

 

Feel free to contact me if you have questions.

 

Good Luck,

 

Dan Sarazen

Senior IT Auditor

The Boston Consortium for Higher Education

Brandeis University, Mailstop 110

Phone: 781-736-8703

Cell:     781-296-4444

Fax:     781-736-8706

 

 

 

Hi,

 

I agree with Dan. Focusing on a single regulation risks missing key concepts that are incorporated in CISSP, CISA, and other information security certifications. These are broad-based and provide deeper understandings of compliance challenges and opportunities.

 

I also wish you luck.

 

Wayne S. Martin

Director Public Safety

Emergency Coordination Officer

Security & Compliance Coordinator

Information Security Officer

Blue Ridge Community College

Post Office Box 80

One College Lane

Weyers Cave, Virginia 24486

Office: (540)453-2347

Fax: (540)234-9066

 

 

Message from win-hied@bradjudy.com

I think compliance-specific training is only the right track if you need to train up your staff in order to be able to make compliance-related judgment calls for your institution (is X a PCI-compliant approach).  If this is the case, then something like PCI ISA training might be worthwhile (and lend an official status that your acquiring bank would appreciate).  If that isn’t your goal, then I advise assessing your team’s skillset against the security landscape and targeting deep training on areas of need that relate to compliance.

 

For example, does your team need more strength in application security assessment, database security methods, forensics, incident response handling, a particular technology you are using (firewall, IDS, DLP, etc.)?  Or maybe the best next step is scripting/coding training for building in-house tools.

 

I prefer hitting individual topics in depth to an overview approach because I think the deeper understanding lends a lot to the best application of the information as well as longer retention of the information.  It takes longer to build out a breadth of knowledge this way, but it’s about career professional development, not quick turn-around.

 

Brad Judy

 

 
