Educause Security Discussion mailing list archives

Re: Oxford and Google Apps

From: "King, Ronald A." <raking () NSU EDU>
Date: Tue, 19 Feb 2013 09:32:44 -0500

Annual SAT is required for all employees and managed through Awareity's
MOAT.  I would say it has cut down on the amount of those responding to
phishing, but, there are still going to be some that "forget" their
training.  In those cases, we have a one on one chat to help them understand
and ask if they need to retake the training.  

 

 

Ronald King

Security Engineer

Norfolk State University

http://security.nsu.edu <http://security.nsu.edu/> 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lorenz, Eva
Sent: Tuesday, February 19, 2013 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Oxford and Google Apps

 

I agree that user education is the preferred method to avoid any security
incident, not just phishing. I have a question to the list members who have
seen positive effects from user awareness training. Do you have any
requirement for user awareness training, such as a required annual training
for all affiliates? If you do outreach, do you cover all departments or
select high value targets, such as finance? 

 

I am wondering whether Oxford does any user security training? Blocking
Google docs seem like overkill, especially since they admit that the
business impact was higher than expected. But allow me to speculate here;
maybe options are limited in terms of outreach and blocking seems like a way
to limit damage, but possible also has the benefit of making users aware
that Google docs can be used as a vehicle for security incidents. Maybe
something along the lines of awareness training by impact. In our
environment, as other have mentioned already for their universities,
blocking Google docs would not work, not even for the timeframe mentioned in
the article.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tracy Mitrano
Sent: Tuesday, February 19, 2013 7:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: [SECURITY] Oxford and Google Apps

 

Thoughts on this matter among the experts?
http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/

Attachment: smime.p7s
Description:

Current thread:

Re: Oxford and Google Apps, (continued)
- Re: Oxford and Google Apps Bradner, Scott (Feb 19)
- Re: Oxford and Google Apps Roger A Safian (Feb 19)
- Re: Oxford and Google Apps Hall, Rand (Feb 19)
- Re: Oxford and Google Apps Lorenz, Eva (Feb 19)
  - Re: Oxford and Google Apps Bob Bayn (Feb 19)
    - Re: Oxford and Google Apps Bob Bayn (Feb 19)
    - Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
    - Re: Oxford and Google Apps Bob Bayn (Feb 19)
    - Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
    - Re: Oxford and Google Apps Roger A Safian (Feb 19)
  - Re: Oxford and Google Apps King, Ronald A. (Feb 19)
- Re: Oxford and Google Apps David Opitz (Feb 19)
  - Re: Oxford and Google Apps Mike Porter (Feb 19)
  - Re: Oxford and Google Apps David Gillett (Feb 19)
- Re: Oxford and Google Apps Tim Doty (Feb 19)
  - Re: Oxford and Google Apps Justin C. Klein Keane (Feb 19)
- Re: Oxford and Google Apps Sigmon, Aaron (Feb 19)
  - Re: Oxford and Google Apps Kevin Wilcox (Feb 19)
- Re: Oxford and Google Apps Oscar Knight (Feb 19)