Educause Security Discussion mailing list archives

Re: Faculty Acceptance of Security Awareness Education?


From: Matthew Wollenweber <mjw () CYBERWART COM>
Date: Tue, 17 Nov 2009 12:59:46 -0500

I've thought on this problem a lot recently. I haven't yet tried to push the
plan through management, but the most reasonable approach to me seems to be
targeted and automated training. Most malware we see is the result of
trojans, which means user interaction is generally required. When we
remediate the system, it would be easy enough to sign the user up for a
phishing/trojan awareness training through a service like phishme.com. That
way users that have problems get training, training functions as a test of
sorts, and it's automated so the employee isn't defensive about what they
were doing that led to the compromise. Again, this isn't implemented, but in
my opinion it feels like an unresolved problem when we remediate a system
for a trojan with little or no training/interaction with the user, and this
is the best solution I've had on the subject.



On Wed, Oct 28, 2009 at 6:21 PM, Jon Good <Jon.Good () ucop edu> wrote:

  Researching a question posed by our Academic Senate leadership:



   What approaches have worked at other institutions to persuade faculty to
get on the security awareness bandwagon [take the “training”]?





Jon Good
Director, Information Security
Information Resources & Communications
University of California Office of the President
415 - 20th Street, 3rd Floor
Oakland, CA 94612-2901
(510) 987-0518






-- 
Matthew Wollenweber
