Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Phishing awareness upon account reset

From: "Ullman, Catherine" <cende () BUFFALO EDU>
Date: Fri, 5 Apr 2013 14:00:41 -0400
Thanks, Angelo!  We have SANS as well, but have not tied it to this purpose
yet.  Which module do you have them take?

 

-Cathy

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Santabarbara, Angelo
Sent: Friday, April 05, 2013 1:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing awareness upon account reset

 

We utilize SANS Securing the Human modules for this exact situation.  It is
tied into our Black Board system and users are required to take a short 4
minute module as we reactivate the account.


 

Angelo D. Santabarbara
Director of Networks & Systems
Siena College
518-782-6996
ASantabarbara () siena edu

***Siena ITS staff will NEVER ask for your password or other confidential
information via email.***

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy all
copies of the original message.

 

On Fri, Apr 5, 2013 at 10:23 AM, Ullman, Catherine <cende () buffalo edu>
wrote:

Good morning!

 

We are interested in finding out if there are any institutions out there
that require some sort of basic awareness training as part of the process of
account recovery and if so, what exactly you require your users to do.  In
other words, when we discover that an account is compromised, we have the
account reset to its claim state and the person is required to show ID in
order to reclaim the account.  However, because we suspect that many of the
compromised accounts become compromised because the user has clicked on a
phishing link, we'd like them to ALSO have to perhaps take a short training
exercise about phishing and answer a handful of questions before they can
reclaim their account.   Do any of your institutions require anything like
this process?  If so, would you please contact me either on or off list and
let me know more about your process?  Thanks!

 

Best,

Cathy

 

 

Dr. Catherine J Ullman

Information Security Analyst

Information Security Office

University at Buffalo

cende () buffalo edu

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: