Educause Security Discussion mailing list archives

Re: A user granted with admin rights failed a phishing test


From: randy <marchany () VT EDU>
Date: Mon, 9 Nov 2020 14:50:10 -0500

I agree with Jerry. The purpose of phishing "tests" is to increase
awareness and not be punitive. Punitive actions will more likely cause
individuals to NOT report they clicked on a link. Admins can fall for
phishes just as easily as general users :-). I don't think they would get
their admin rights revoked. Establish a baseline, run your test during a
defined period of time (~1 month), measure your "hit" rate against your
baseline, rinse, lather and repeat.

-Randy Marchany
VA Tech IT Security Office and Lab


On Mon, Nov 9, 2020 at 2:02 PM Jerry Tylutki <jtylutki () hamilton edu> wrote:

I disagree that any punitive action should be taken. Phishing tests are in
their nature deceptive and attempt to trap the individual; revoking access,
potentially impacting the responsibilities of that person, is not the path
I would take. Phishing campaigns are one part of a larger security
education and training program. Raise awareness. Increase education.

I am open and communicative when preparing to send out a phishing email --
I want the end users to expect it and be on the lookout for a phishing
message. Nothing makes me more satisfied than when I get an actual phishing
message forwarded to me with a "you can't trick me" type message.

*-------*

*Jerry Tylutki*
*Information Security Officer*
*Hamilton College*

*(315) 859-4289 -- office*



On Mon, Nov 9, 2020 at 12:28 PM Apollo Dalamar <apollodalamar () gmail com>
wrote:

G'day Jared,

I would most certainly revoke Admin Rights until the individual can pass
some of the assessments associated with the Cyber Security Training.
Advise the individual that there would be some form of auditing /
supervision for a grace period. In the interim, monitor appropriate
audit logs for a grace period to make sure the individual is adhering to
protocols.
Additionally, have the individual sign some form of legally binding
paperwork with the understanding and acknowledgment that the individual is
obligated to operate within protocols and that anything otherwise would result
in some form of disciplinary action, with the prospect of dismissal.

Cheers,
Pete


On Mon, Nov 9, 2020 at 10:48 AM Jared Evans <jared.evans () gallaudet edu>
wrote:

Hello,

I would like to ask what actions are typically taken when a user who has
been granted admin rights (limited to a few workstations within their
workspace) fails a phishing test by giving out their user
credentials.

Additional cybersecurity training is a given, but are the admin rights
temporarily revoked until the training is completed?

--

Jared Evans
Information Security Officer
Gallaudet Technology Services
Gallaudet University
jared.evans () gallaudet edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community
