KnowBe4 Tool Implementation

95%

Status

In Process [In Process]

95% complete, updated on Thu 6/20/24 3:09 PM by Darin Wilt

Need Chris Ws' approval on how he wants to handle the project closeout.  I will ask him next week and schedule the project. 


Several sections on the Project closeout document need completion.

 

Details

Dates
Mon 5/1/23 - Thu 6/6/24
Acct/Dept
Information Security
Service
Project and Change Management Office / Information Technology Project Request
Type
Operational / Maintenance Projects / Division of IT Maintenance Operations Projects
Health
Green - On track
Portfolio(s)
Classification
PCMO Managed Project
Requirements
Pre-pilot with ISEC and ESYS. Pilot with DoIT. Integration of KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. Setting up automation of assigned training for those caught by phishing attempts. Creation of internal user documentation. Updating or retiring existing knowledge base articles and web pages related to phishing. Creation of KnowBe4 training modules in CSU Learn. Training of ISEC and ITSS staff. Communication to campus.
Created
Wed 6/7/23 4:34 PM
Modified
Thu 6/20/24 3:09 PM

Change Impact

How will you measure the impact of this project?
What are some metrics or KPIs that will be used to measure success? Think about the five metrics to measure: quality, quantity, timeliness, cost, and customer satisfaction.
Impact will be measured using KnowBe4's security analysis tools.
What are the consequences of not doing this project?
For example: direct significant negative consequences to the University, unable to conduct basic services; failure to resolve customer complaints or requests; loss of opportunity for improved service delivery or efficiency. Please explain.
ISEC's current phish vaporizing method is manual intensive and requires root access to the person's Outlook inbox. Consequences of not doing this project would be a huge loss of opportunity for improved security and enhanced Security and Awareness training. There aren't currently efficient means for a holistic view of phishing runs be reported throughout the environment in a consistent way.
How many employees will be impacted by this change?
Select the size of the employee population that will be impacted by this request.
Most/all
How many students will be impacted by this change?
Select the size of the student population that will be impacted by this request.
Most/all

Project Costs

Funding Status
Funding is necessary and has been approved

Project Details

Divisional VP Support
Does your divisional VP support this request?
Yes
What would a successful solution look like?
What outcome will you have at the conclusion of this project? If this proposal is one of a multi-phase project, please explain your plans, goals, and timelines for subsequent phases.
A successful solution includes integrating KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. The solution also automates the phish vaporizing method and assigns training to those caught by phishing attempts. The solution would require the creation of internal user documentation, updating or retiring existing knowledge base articles related to phishing, the creation of KnowBe4 training modules in CSU Learn, training of ISEC and ITSS staff, and communication to campus.
Executive Sponsor Division
The executive sponsor's campus division.
Information Technology
If this request is mandated, please provide details about what's driving the mandate.
If you selected Chancellor's Office, legal or collective bargaining requirement, please provide details about the policy, law or executive memorandum that’s driving the mandate.
PolicyStat ID 11773867 - ISO Domain 7: Human Resources Security Policy, 2) Information Security Training and Awareness Activities (https://calstate.policystat.com/policy/11773867... FTC Safeguards Rule (https://www.ftc.gov/business-guidance/resources...
Project Urgency
Indicate if there is a mandate or requirement driving this request.
Mandated by Federal Law, State Law, or Executive Order
Campus Enduring Commitments & Strategic Goals
For more information about the Campus Enduring Commitments and Strategic Priorities, please go to https://www.csuchico.edu/strategicplan/enduring... and https://www.csuchico.edu/strategicplan/.
Strategic Priority: Resilient and Sustainable Systems
Deadline Reason
Describe the business requirement or reason for the project deadline.
Goal is December 20223 to have a training package created by that time.

Project Resources & Effort

What resources will this project require?
Identify the department and/or individuals that might need to work on this project and the estimated number of hours required for each individual.
ISEC, ESYS, ITSS, Jim Kelly, OCIO, Josh Compton, TEIN-Jeremy Olguin related to training, Jatinder for communications, Ross Rashkov for learning modules in CSU Learn.
DoIT Departments Involved
Any Division of IT departments that will be involved in this project.
ESYS (Enterprise Systems)
ISEC (Information Security)
ITSS (Information Technology Support Services)
OCIO (Office of the Chief Information Officer)
TEIN (Technology Equity and Inclusion)
Complexity of Implementation
What is the complexity of the project?
Moderate (multiple interfaces/impacts/dependencies)
What is the solution type?
The solution type translates to the level of impact on IT staffing and technology maintenance. Based on consultation with your IT representative, pick the best fit for your proposed solution.
Complete new system or complete replacement of existing system

Description

KnowBe4 has been purchased and will be used to bolster Chico State's Cybersecurity & Awareness program by providing world-class training for faculty, staff, and students. ISEC and ESYS are already working through a pre-pilot and hope to launch the pilot with DoIT in June and complete a full deployment to campus in July.

Manager

Alternate Manager(s)

Sponsor

Stakeholders (1)

MS
Monique Sendze
Informed
Informed.
Fri 6/2/23 4:20 PM