Educause Security Discussion mailing list archives
Re: attempts sending fake phishing messages to students and/or employees
From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Fri, 11 Jun 2010 08:10:25 -0400
On Jun 10, 2010, at 9:21 AM, Dave Kovarik wrote:
With one exception, I have yet to have top level management agree in practice that phishing one's own community was a good idea.
Agreed. I can understand the "research" benefits of conducting fake phishing. However, on the "operational" side of the house, the benefits are minimal and the political fall out great. The real question is, even if you do conduct a fake phishing run against your users, what will you do with the results? Do better awareness training? If so, why not focus on the awareness training instead of fake phishing? Based on real phishing success rates, I'm pretty certain the fake phishing run will be successful too. So, why do it? There *might* be a couple of legitimate reasons, but none IMHO outweigh the damaged goodwill that others have mentioned. -- Tom Davis, CISSP, CISM Chief Security Officer Public Safety and Institutional Assurance Indiana University https://informationsecurity.iu.edu/Tom_Davis
Current thread:
- Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 09)
- Re: attempts sending fake phishing messages to students and/or employees Eric Case (Jun 09)
- Re: attempts sending fake phishing messages to students and/or employees Jesse Thompson (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Andrew Daviel (Jun 25)
- SSH password capture Andrew Daviel (Jun 25)
- Re: SSH password capture Yonesy F. Nunez (Jun 28)
- Re: attempts sending fake phishing messages to students and/or employees Dave Kovarik (Jun 10)
- Re: attempts sending fake phishing messages to students and/or employees Davis, Thomas R (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Ben Woelk (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 14)
- Re: attempts sending fake phishing messages to students and/or employees Davis, Thomas R (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Eric Case (Jun 09)