Re: Oxford and Google Apps

["Lorenz, Eva" <evalorenz () UNC EDU>]

I agree that user education is the preferred method to avoid any security incident, not just phishing. I have a 
question to the list members who have seen positive effects from user awareness training. Do you have any requirement 
for user awareness training, such as a required annual training for all affiliates? If you do outreach, do you cover 
all departments or select high value targets, such as finance?

I am wondering whether Oxford does any user security training? Blocking Google docs seem like overkill, especially 
since they admit that the business impact was higher than expected. But allow me to speculate here; maybe options are 
limited in terms of outreach and blocking seems like a way to limit damage, but possible also has the benefit of making 
users aware that Google docs can be used as a vehicle for security incidents. Maybe something along the lines of 
awareness training by impact. In our environment, as other have mentioned already for their universities, blocking 
Google docs would not work, not even for the timeframe mentioned in the article.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tracy 
Mitrano
Sent: Tuesday, February 19, 2013 7:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Oxford and Google Apps

Thoughts on this matter among the experts?  http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/