1

User AwarenessUser AwarenessInformation ForumInformation Forum

Theresa A. Masse, State Chief Information Theresa A. Masse, State Chief Information Security OfficerSecurity Officer

Department of Administrative ServicesDepartment of Administrative ServicesEnterprise Security OfficeEnterprise Security Office

2

Opening RemarksOpening Remarks

Kris Kautz, Interim DirectorKris Kautz, Interim Director

Department of Administrative Department of Administrative ServicesServices

3

AgendaAgenda

Welcome and introductionsWelcome and introductions Employee Security PolicyEmployee Security Policy Security Awareness ResourcesSecurity Awareness Resources

Recommended Level of Security Awareness Recommended Level of Security Awareness modulesmodules

Enterprise Learning Management SystemEnterprise Learning Management System Information Security Resource CenterInformation Security Resource Center

Q&AQ&A Demonstration of toolsDemonstration of tools

4

Employee Security PolicyEmployee Security Policy

5

Employee Security Policy Employee Security Policy

Recommended Level of Security Recommended Level of Security Awareness (RLSA) modules are Awareness (RLSA) modules are designed to meet the requirements designed to meet the requirements of the policyof the policy

6

Security Awareness Security Awareness ResourcesResources

Eva Doud, Business AnalystEva Doud, Business Analyst

Department of Administrative Department of Administrative ServicesServices

Enterprise Security OfficeEnterprise Security Office

7

RLSARLSA Background Background

Assessment conducted in 2006Assessment conducted in 2006 Project to research, plan, and Project to research, plan, and

implement a core program, targeted at implement a core program, targeted at numerous audiences, available to numerous audiences, available to multiple agenciesmultiple agencies

Recommended minimum level of Recommended minimum level of information security knowledge for a information security knowledge for a typical state employee with access to typical state employee with access to information technology or sensitive information technology or sensitive informationinformation

8

RLSARLSA Background Background (continued)(continued)

Designed to be delivered electronically Designed to be delivered electronically (over the Web) to reach the largest (over the Web) to reach the largest audienceaudience

Interagency work group oversaw the Interagency work group oversaw the development of the course material and development of the course material and look-and-feellook-and-feel Judicial, Administrative Services, Consumer Judicial, Administrative Services, Consumer

and Business Services, Treasury, Lottery, and Business Services, Treasury, Lottery, Secretary of State, and JusticeSecretary of State, and Justice

9

RLSARLSA

DesignDesign Cover at least 80% of state staffCover at least 80% of state staff Not meant to cover agency-specific Not meant to cover agency-specific

business requirements, policies or business requirements, policies or regulationsregulations

30 minute “seat time” per module30 minute “seat time” per module InteractiveInteractive Benefit users in both work and home Benefit users in both work and home

situationssituations

10

RLSARLSA

ModulesModules Six modules created in initial suiteSix modules created in initial suite Can be customized to meet agency-Can be customized to meet agency-

specific requirements using a readily-specific requirements using a readily-available course authoring toolavailable course authoring tool

One “refresher” course per yearOne “refresher” course per year

11

RLSA - ModulesRLSA - Modules IS101 – An Introduction to IS101 – An Introduction to

Information SecurityInformation Security What is information securityWhat is information security Basic principlesBasic principles Policies, standards and proceduresPolicies, standards and procedures

12

RLSA - ModulesRLSA - Modules IS201 – Securing Your Computer – IS201 – Securing Your Computer –

Part 1Part 1 Computer virusesComputer viruses SpywareSpyware

IS202 – Securing Your Computer – IS202 – Securing Your Computer – Part 2Part 2 Choosing strong passwordsChoosing strong passwords Protecting your passwordsProtecting your passwords Safe use of the InternetSafe use of the Internet Physically secure your computerPhysically secure your computer

13

RLSA - ModulesRLSA - Modules IS203 – Using E-MailIS203 – Using E-Mail

IntroductionIntroduction E-mail content and etiquetteE-mail content and etiquette Keeping your e-mail privateKeeping your e-mail private E-mail from other peopleE-mail from other people

14

RLSA - ModulesRLSA - Modules IS204 – Dealing with DocumentsIS204 – Dealing with Documents

Basic document securityBasic document security Requests for informationRequests for information Retaining documentsRetaining documents Destroying documentsDestroying documents

15

RLSA ModulesRLSA Modules

IS205 – When You’re Out of the IS205 – When You’re Out of the OfficeOffice IntroductionIntroduction General guidelinesGeneral guidelines Mobile devicesMobile devices

Laptop computersLaptop computers USB flash drivesUSB flash drives Cell phonesCell phones

16

RLSA - DemonstrationRLSA - DemonstrationAn Introduction to Information An Introduction to Information

SecuritySecurity

We handle a great deal of sensitive information We handle a great deal of sensitive information every day: customers' account numbers, Social every day: customers' account numbers, Social Security numbers and credit card details; as well as Security numbers and credit card details; as well as internal information such as health records, payroll internal information such as health records, payroll data, network information, ... data, network information, ...

Information security is critical to business at the Information security is critical to business at the State of Oregon. In addition, learning about State of Oregon. In addition, learning about information security will also help you to keep information security will also help you to keep yourself safe at home as identity theft and fraud yourself safe at home as identity theft and fraud become increasingly common.become increasingly common.

17

ImplementationImplementation

Agencies have access to source files, and to Agencies have access to source files, and to versions compiled in SCORM, LM-Light versions compiled in SCORM, LM-Light and HTML formatsand HTML formats

Can customize content using a readily-Can customize content using a readily-available course authoring toolavailable course authoring tool

Can be integrated into learning Can be integrated into learning management systems, which will then track management systems, which will then track student completion and generate reportsstudent completion and generate reports

Courses also can be run on an intranet with Courses also can be run on an intranet with student completion tracked manuallystudent completion tracked manually

1818

RLSA – Modifying the RLSA – Modifying the ContentContent

Dr. Steve AddisonDr. Steve Addison

Cosaint, Inc.Cosaint, Inc.

Mount Vernon, WAMount Vernon, WA

19

Modifying the ContentModifying the Content

Our aim is to use one common set of Our aim is to use one common set of source files to generate courses in source files to generate courses in multiple formats:multiple formats: SCORMSCORM LM-LightLM-Light HTMLHTML

19Source files stored in the RLSA Warehouse at https://or.cosaint.net

2020

Modifying the ContentModifying the Content

We achieve this by using a commercial We achieve this by using a commercial e-learning authoring tool called Lectorae-learning authoring tool called Lectora

Lectora is an easy-to-use tool that Lectora is an easy-to-use tool that allows you to develop/change content allows you to develop/change content without a detailed knowledge of HTML, without a detailed knowledge of HTML, JavaScript, etc.JavaScript, etc.

Can handle static and dynamic contentCan handle static and dynamic content Can develop/modify tests and quizzesCan develop/modify tests and quizzes

21

Lectora Course Lectora Course Authoring ToolAuthoring Tool

21More information at http://www.trivantis.com

2222

Modifying the ContentModifying the Content To customize a module, you must have To customize a module, you must have

access to a copy of Lectora (or a access to a copy of Lectora (or a consultant with Lectora)consultant with Lectora)

Then:Then: Download the source files from the RLSA Download the source files from the RLSA

warehouse (contact Eva Doud, DAS ESO for warehouse (contact Eva Doud, DAS ESO for logon information) logon information)

Modify as requiredModify as required Compile into SCORM, LM-Light or HTML Compile into SCORM, LM-Light or HTML

formatformat Upload to an LMS (SCORM & LM-Light) or Upload to an LMS (SCORM & LM-Light) or

to an intranet (HTML)to an intranet (HTML)

23

eLMS InitiativeeLMS Initiative

Theme Grenz, Project ManagerTheme Grenz, Project Manager

Department of Administrative Department of Administrative Services Services

Human Resources ServicesHuman Resources Services

24

eLMS InitiativeeLMS Initiative

Business CaseBusiness Case Deliver the “right” training at the “right” Deliver the “right” training at the “right”

timetime Leverage technology to help identify learning Leverage technology to help identify learning

needs at the individual and organizational needs at the individual and organizational level and deliver training which is directly level and deliver training which is directly tied to skill gaps tied to skill gaps

Support Workforce Development effortsSupport Workforce Development efforts Position learning as a critical component of Position learning as a critical component of

an organization’s ability to respond to an organization’s ability to respond to changing workforce demandschanging workforce demands

25

eLMS - What’s in it for eLMS - What’s in it for me?me?

As a student:As a student: Access a robust on-line course catalog Access a robust on-line course catalog

(eLearning, classroom)(eLearning, classroom) Register/track course Register/track course

enrollments/completionsenrollments/completions Receive real-time class notifications Receive real-time class notifications

(registration confirmation, and (registration confirmation, and reminder emails)reminder emails)

Transcript tracking Transcript tracking

26

eLMS - What’s in it for eLMS - What’s in it for me?me?

As a manager:As a manager: Track key workforce metrics in real-Track key workforce metrics in real-

time time Manage the entire performance Manage the entire performance

management process (IDP/360 reviews) management process (IDP/360 reviews) Efficiently track training expenditures Efficiently track training expenditures

across the entire agencyacross the entire agency

27

RLSA – Accessing the RLSA – Accessing the ModulesModules

Courses are available today on the Courses are available today on the oregon.gov intranet:oregon.gov intranet: https://intranet.egov.oregon.gov/egov/https://intranet.egov.oregon.gov/egov/

myportalmyportal Select the “State” tabSelect the “State” tab

28

RLSA – Accessing the RLSA – Accessing the ModulesModules

29

Other ResourcesOther Resources Information Security Resource Information Security Resource

CenterCenter Public-facing Web sitePublic-facing Web site Links to many resources on a variety of Links to many resources on a variety of

information security topicsinformation security topics Can be used to supplement training and Can be used to supplement training and

awareness effortsawareness efforts http://secureinfo.oregon.govhttp://secureinfo.oregon.gov

30

Information Security Information Security Resource Ctr.Resource Ctr.

31

Questions?Questions?

32

For further information For further information ……

Eva Doud, DAS Enterprise Security Eva Doud, DAS Enterprise Security OfficeOffice(503) 378-3071(503) 378-3071eva.doud@state.or.useva.doud@state.or.us

Theme Grenz, DAS HRSDTheme Grenz, DAS HRSD(503) 378-6213(503) 378-6213theme.grenz@state.or.ustheme.grenz@state.or.us

Theresa Masse, DAS Enterprise Security Theresa Masse, DAS Enterprise Security OfficeOffice(503) 378-4896(503) 378-4896theresa.a.masse@state.or.ustheresa.a.masse@state.or.us

33

Next Forum …Next Forum …

Acceptable UseAcceptable UsePolicy OverviewPolicy Overview

Panel PresentationPanel Presentation

March 31, 2008March 31, 2008

34

Tools DemonstrationTools Demonstration