Re: Security Awareness Program assistance

["Ullman, Catherine" <cende () BUFFALO EDU>]

Thanks Bryan!

 

I will look into this information further.

 

Best,

Cathy

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andregg, 
Bryan Courtney
Sent: Wednesday, May 27, 2015 11:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Awareness Program assistance

 

Dan deBeaubien (SANS) and Ashley Sudderth (Michigan Technological University) presented a post conference seminar at 
the SPC, “Building Awareness: A Guide to Establishing a Successful Information Security Awareness Program.” The slides 
are available, 
http://www.educause.edu/events/security-professionals-conference/2015/building-awareness-guide-establishing-successful-information-security-education
 .

 

The most important part for their program was developing a survey that was both short and informative and then 
processing those results into metrics. Dan intimated he’d be happy to share the survey and some of his post processing 
if desired, <dan () sans org>.

 

Cheers,

 

Bryan

-- 

Bryan C. Andregg

IT Security & Systems Manager

Instructional and Information Systems

UNC Gillings School of Global Public Health

 

 

From: Chris Bunn <chris () ISDECISIONS COM>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, May 27, 2015 at 11:36 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance

 

Dear Cathy

 

As it happens, just this afternoon there is a new game that’s been launched that might interest you.

 

To help support IT professional’s efforts to raise user security awareness, IS Decisions have developed the free 
resource : The Weakest Link: A User Security Game.

 

Any employee, in any position (including the C Suite) from any department can play. 

 

We want it to be a credible independent resource for IT people to use, which is why we’ve developed it with the input 
of analysts, experts and IT people themselves. It’s completely free to use, and we hope that IT people will share it 
with their users to play to try and drive awareness of the issues of user security and insider threat.

 

So please try it and feel free to share it amongst your users.

 

http://www.isdecisions.com/user-security-awareness/

 

 

Thanks and Kind regards

Chris Bunn

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ullman, 
Catherine
Sent: mercredi 27 mai 2015 17:19
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Awareness Program assistance

 

Greetings!

 

I have been asked to put together a University-wide security awareness program that is phased in over the next two 
years and ideally includes measurements of success.  I would very much like to hear from any of you who have 
successfully undertaken such a project and how you’ve accomplished it, because this is a larger undertaking than I’ve 
ever been expected to complete.  I also would prefer not to reinvent the wheel if there are already great ideas out 
there!

 

The kinds of things I’m looking for include the approach, how the rollout was accomplished, tools being used, measures 
of success.  FWIW I’d prefer our awareness program to be a positive reinforcement type thing, encouraging folks to want 
to be involved rather than a stick-based program.

 

Feel free to email me off-line if you’d prefer.  Thanks in advance for your help.

 

Sincerely,

Cathy

 

 

Dr. Catherine J Ullman

Information Security Analyst

Information Security Office

University at Buffalo

cende () buffalo edu

Attachment: smime.p7s
Description: