KnowBe4 Tool Implementation

32%

Status

Project is 32% complete, starting on Mon 5/1/23 and ending on Fri 12/29/23.

In Process [In Process]

32% complete, updated on Tue 7/18/23 10:46 AM by Darin Wilt

Changed Percent Complete from 0% to 32%.

Details

Dates
Mon 5/1/23 - Fri 12/29/23

Acct/Dept

Information Security

Service

Project Requests / Information Technology Project Request

Type

IT Projects / DoIT Project

Health

Green - On track

Portfolio(s)

ISEC (James Gordon)

Classification

Projects

Requirements

Pre-pilot with ISEC and ESYS. Pilot with DoIT. Integration of KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. Setting up automation of assigned training for those caught by phishing attempts. Creation of internal user documentation. Updating or retiring existing knowledge base articles and web pages related to phishing. Creation of KnowBe4 training modules in CSU Learn. Training of ISEC and ITSS staff. Communication to campus.

Created

Wed 6/7/23 4:34 PM

Modified

Mon 9/18/23 10:04 AM

Project Costs

Is funding already secured for this request?

Funding is necessary and has been approved

Project Details

Divisional VP Support

Does your divisional VP support this request?

Yes

What would a successful solution look like?

What outcome will you have at the conclusion of this project? If this proposal is one of a multi-phase project, please explain your plans, goals, and timelines for subsequent phases.

A successful solution includes integrating KnowBe4 with Outlook to enable the presence of a button in Outlook that allows students and employees to report a phishing attempt. The solution also automates the phish vaporizing method and assigns training to those caught by phishing attempts. The solution would require the creation of internal user documentation, updating or retiring existing knowledge base articles related to phishing, the creation of KnowBe4 training modules in CSU Learn, training of ISEC and ITSS staff, and communication to campus.

Is this project mandated or required?

Mandated by Federal or State law
Mandated by the CSU CO via Executive Order or similar

If this request is mandated, please provide details about what's driving the mandate.

If you selected Chancellor's Office, legal or collective bargaining requirement, please provide details about the policy, law or executive memorandum that’s driving the mandate.

PolicyStat ID 11773867 - ISO Domain 7: Human Resources Security Policy, 2) Information Security Training and Awareness Activities (https://calstate.policystat.com/policy/11773867... FTC Safeguards Rule (https://www.ftc.gov/business-guidance/resources...

What is the reason for the project being completed by the deadline?

Describe the business requirement or reason for the project deadline.

Goal is December 20223 to have a training package created by that time.

Project Impact

How will you measure the impact of this project?

What are some metrics or KPIs that will be used to measure success? Think about the five metrics to measure: quality, quantity, timeliness, cost, and customer satisfaction.

Impact will be measured using KnowBe4's security analysis tools.

What are the consequences of not doing this project?

For example: direct significant negative consequences to the University, unable to conduct basic services; failure to resolve customer complaints or requests; loss of opportunity for improved service delivery or efficiency. Please explain.

ISEC's current phish vaporizing method is manual intensive and requires root access to the person's Outlook inbox. Consequences of not doing this project would be a huge loss of opportunity for improved security and enhanced Security and Awareness training. There aren't currently efficient means for a holistic view of phishing runs be reported throughout the environment in a consistent way.

How many employees will be impacted by this change?

Select the size of the employee population that will be impacted by this request.

Most/all

How many students will be impacted by this change?

Select the size of the student population that will be impacted by this request.

Most/all

Project Resources & Effort

What resources will this project require?

Identify the department and/or individuals that might need to work on this project and the level of effort required (minimal, moderate, extensive/substantial).

ISEC, ESYS, ITSS, Jim Kelly, OCIO, Josh Compton, TEIN-Jeremy Olguin related to training, Jatinder for communications, Ross Rashkov for learning modules in CSU Learn.

Complexity of Implementation

What is the complexity of the project?

Moderate (multiple interfaces/impacts/dependencies)

What is the solution type?

The solution type translates to the level of impact on IT staffing and technology maintenance. Based on consultation with your IT representative, pick the best fit for your proposed solution.

Complete new system or complete replacement of existing system

Description

KnowBe4 has been purchased and will be used to bolster Chico State's Cybersecurity & Awareness program by providing world-class training for faculty, staff, and students. ISEC and ESYS are already working through a pre-pilot and hope to launch the pilot with DoIT in June and complete a full deployment to campus in July.

Manager

Darin Wilt

Alternate Manager(s)

Alisha Johns

Wendy Bentley

Chris Witthans

Sponsor

Chris Witthans

Stakeholders (1)

Monique Sendze

Informed

Informed.

Fri 6/2/23 4:20 PM

Updating...