In answer to the question of how to promote infosec awareness by faculty, there is a simple solution.

It's clear that the faculty need and want admin rights, but those right need to be revoked unless and until faculty:
1. Receive infosec training provided by IT
2. Receive administration policies and procedures
3. Sign a release, an AUP, and a statement indicating that they have passed the training, read the materials, etc.

Admin rights may be necessary, but they are /rights/ - this means that they come with certain responsibilities; and they should only be given after proper training and agreement to policy.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/267/28492#28492