Requirement
UT Austin Information Resources and Security Policy, Section 18.4
18.4 Technical Support Training. Owners and Custodians must provide, based on role, appropriate technical training equivalent to current industry standards for Information Security Administrators and employees providing Information Technology help-desk or technical support for Information Resources under their authority.
18.4.1 All Technical Support Staff (e.g., help desk, desktop support, server support) responsible for managing university owned IT devices are required to obtain an industry recognized certification, based on an IT training program defined by the Information Security Office working in conjunction with campus IT Governance, as a way of demonstrating professional skillset. Access to specific university IT tools and services will only be made available to professionally trained IT Support Staff.
18.4.1.1 IT Support Staff are expected to obtain and document continuing professional education credits each year as defined in the IT training program.
18.4.1.2 Certification exceptions will apply for IT Support Staff who have already clearly demonstrated mastery of necessary IT skills.
Compliance
- Supervisors are responsible for ensuring proper training for all new IT support staff is taken in a timely manner. While SANS certifications are highly recommended by the Information Security Office, it is understood that supervisors may need to choose a certification that best fits the role and responsibilities of the IT support staff in their organization.
- Supervisors must also identify the new IT support employee role in the central group / role management resource (e.g., OHS). Only employees in designated IT support roles will be able to access various IT support tools).
- Supervisors are responsible for ensuring their IT support staff receive on-going training and professional development.
- It is recommended that the supervisor designate approximately 1-2% of their IT support salary budget to ongoing IT training efforts.
- Additional opportunities for ongoing training include attending technical seminars or online events, reading technical publications or books, attending a technical product presentation by a vendor, attending technical training for a vendor product, attending general IT training, teaching an IT related course, hosting an FYI on campus.
Exceptions
- All IT support staff with existing IT certifications and/or 5 or more years of technical IT experience will be considered compliant with this requirement. There is no requirement for additional documentation to be provided to the Information Security Office.
- Supervisors will be empowered to evaluate the compliance of their respective IT support staff with this requirement based on skill-set, experience, and specific employment requirements and objectives. There is no requirement for additional documentation to be provided to the Information Security Office.
Available Training Resources
- Staff are encouraged to consider the SANS OnDemand program, which offers respected and highly technical information securty training. The ISO can work with interested units on negotiating deeper discounts, but typically the purchase needs to invove 3 or more trainings to be eligible for educational discounts.
- A number of other training programs are available, but these will typically require the local organizational unit to cover those associated costs. Some popular certifications are as follows (this is not a comprehensive list of the IT certifications that are available):
- Training materials are also available via Lynda.com (a service that is made available via campus funding):
- Go to www.lynda.com.
- Click on Log In option on the upper right of the window.
- In the right side window that opens, under Log in through your organization or school, type utexas.edu.
- An EID Authentication page will open.
- Log in with your EID and password.
- If you are asked whether to create a new Lynda.com account or merge an existing account, create a new account.
- Many campus organizational units take advantage of Safari Books Online (an online technical book resource). The cost for this service is approximately $350/person/year. If supervisors are interested in adding subscriptions for IT support staff they can contact SafariBooksOnline representatives and inquire about a UT Austin discount.
- Local UT specific training resources are also available online and can be reviewed on demand by IT support staff. The following topics may be of interest to an IT support staff member who is new to campus:
- Information Security
- ISORA
- Stache
- Incident Response
- Personally Identifiable Data Breach Notification Plan
- AMP (Advanced Malware Protection)
- Information Resources Use and Security Policy
- Minimum Security Standard for Systems
- Minimum Security Standard for Application Development & Administration
- Acceptable Use Policy
- International Travel Guidelines
- ISO Procedures
- Other ISO Policies and Standards
- Networking
- UTnet Utilities (forthcoming)
- NetContacts
- Network Operations Manual
- BACS Operations Manual (forthcoming)
- DNS Management (forthcoming)
- VoIP Training (forthcoming)
- System Management
- Minimum Security Standards for Systems
- Approved Encryption Methods
- How Not to Login as Administrator (and still get your job done)
- Ivanti (forthcoming)
- Virtual Servers (and the UT Virtual Machine Gateway)
- Commodity Servers
- IT Inventory and Procurement Management
- Managing Administrative Access
- Data Center Co-location
- Leveraging Splunk
- Information Security