KnowBe4 Tool Implementation

100%

Status

Completed [Completed]

100% complete, updated on Thu 8/1/24 5:11 PM by Chris Witthans

Changed Status from In Process to Completed.
Changed Health from Yellow to None.
Changed Percent Complete from 95% to 100%.
This project is completed.

Details

Dates
Mon 5/1/23 - Thu 8/1/24

Acct/Dept

Information Security

Service

Project and Change Management Office / Information Technology Project Request

Type

Operational / Maintenance Projects / Division of IT Maintenance Operations Projects

Health

None - No health has been set

Portfolio(s)

ISEC (James Gordon)
PCMO (Wendy Bentley)

Classification

PCMO Managed Project

Requirements

Pre-pilot with ISEC and ESYS. Pilot with DoIT. Integration of KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. Setting up automation of assigned training for those caught by phishing attempts. Creation of internal user documentation. Updating or retiring existing knowledge base articles and web pages related to phishing. Creation of KnowBe4 training modules in CSU Learn. Training of ISEC and ITSS staff. Communication to campus.

Created

Wed 6/7/23 4:34 PM

Modified

Thu 8/1/24 5:11 PM

Closed

Thu 8/1/24 5:11 PM

Change Impact

How will you measure the impact of this project?

What are some metrics or KPIs that will be used to measure success? Think about the five metrics to measure: quality, quantity, timeliness, cost, and customer satisfaction.

Impact will be measured using KnowBe4's security analysis tools.

What are the consequences of not doing this project?

For example: direct significant negative consequences to the University, unable to conduct basic services; failure to resolve customer complaints or requests; loss of opportunity for improved service delivery or efficiency. Please explain.

ISEC's current phish vaporizing method is manual intensive and requires root access to the person's Outlook inbox. Consequences of not doing this project would be a huge loss of opportunity for improved security and enhanced Security and Awareness training. There aren't currently efficient means for a holistic view of phishing runs be reported throughout the environment in a consistent way.

How many employees will be impacted by this change?

Select the size of the employee population that will be impacted by this request.

Most/all

How many students will be impacted by this change?

Select the size of the student population that will be impacted by this request.

Most/all

Project Costs

Funding Status

Funding is necessary and has been approved

Project Details

Divisional VP Support

Does your divisional VP support this request?

Yes

What would a successful solution look like?

What outcome will you have at the conclusion of this project? If this proposal is one of a multi-phase project, please explain your plans, goals, and timelines for subsequent phases.

A successful solution includes integrating KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. The solution also automates the phish vaporizing method and assigns training to those caught by phishing attempts. The solution would require the creation of internal user documentation, updating or retiring existing knowledge base articles related to phishing, the creation of KnowBe4 training modules in CSU Learn, training of ISEC and ITSS staff, and communication to campus.

Executive Sponsor Division

The executive sponsor's campus division.

Information Technology

If this request is mandated, please provide details about what's driving the mandate.

If you selected Chancellor's Office, legal or collective bargaining requirement, please provide details about the policy, law or executive memorandum that’s driving the mandate.

PolicyStat ID 11773867 - ISO Domain 7: Human Resources Security Policy, 2) Information Security Training and Awareness Activities (https://calstate.policystat.com/policy/11773867... FTC Safeguards Rule (https://www.ftc.gov/business-guidance/resources...

Project Urgency

Indicate if there is a mandate or requirement driving this request.

Mandated by Federal Law, State Law, or Executive Order

Deadline Reason

Describe the business requirement or reason for the project deadline.

Goal is December 20223 to have a training package created by that time.

Project Resources & Effort

What resources will this project require?

Identify the department and/or individuals that might need to work on this project and the estimated number of hours required for each individual.

ISEC, ESYS, ITSS, Jim Kelly, OCIO, Josh Compton, TEIN-Jeremy Olguin related to training, Jatinder for communications, Ross Rashkov for learning modules in CSU Learn.

DoIT Departments Involved

Any Division of IT departments that will be involved in this project.

ESYS (Enterprise Systems)
ISEC (Information Security)
ITSS (Information Technology Support Services)
OCIO (Office of the Chief Information Officer)
TEIN (Technology Equity and Inclusion)

Complexity of Implementation

What is the complexity of the project?

Moderate (multiple interfaces/impacts/dependencies)

What is the solution type?

The solution type translates to the level of impact on IT staffing and technology maintenance. Based on consultation with your IT representative, pick the best fit for your proposed solution.

Complete new system or complete replacement of existing system

Description

KnowBe4 has been purchased and will be used to bolster Chico State's Cybersecurity & Awareness program by providing world-class training for faculty, staff, and students. ISEC and ESYS are already working through a pre-pilot and hope to launch the pilot with DoIT in June and complete a full deployment to campus in July.

Manager

Darin Wilt

Alternate Manager(s)

Alisha Johns

Wendy Bentley

Chris Witthans

Sponsor

Chris Witthans

Stakeholders (1)

Monique Sendze

Informed

Informed.

Fri 6/2/23 4:20 PM

Updating...