Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144)

[John Forker <jforker () MAINE EDU>]

Peter,
We have sent simulated phishing message to 6000 employees and I have
reported results to a board committee.  You will undoubtedly receive a lot
of hate mail and arguments why this is the wrong approach.  If you stand
tall that it is the right thing to do and you have support from the top,
the VPs and other groups shouldn't cause issues. If you want to know more
about our approach and results, feel free to contact me directly.
John
------------------
John Forker
Chief Information Security Officer
University of Maine System
(207) 973-3293

Date:    Thu, 4 Sep 2014 16:19:07 +0000
From:    Peter Lundstedt <peter.lundstedt () DRAKE EDU>
Subject: Phishing education rollout

To coincide with NCSAM, we are planning on kicking off a 1-year phishing ed=
ucation program.  We're partnering with an external company to execute the =
program and as we prep for the engagement, one thing we keep hearing of is =
the risk of angering the user base, having faculty go to the dean's council=
, administration going to their VPs, and just general bad "press".

We have support from the top to proceed with the program and will communica=
te to the target user base, but I'm wondering what others have done for the=
ir rollouts, and just ways to ensure success in this area.

Peter Lundstedt | Information Security Analyst
Drake Technology Services (DTS) | Drake University