Educause Security Discussion mailing list archives
Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144)
From: Ben Woelk <fbwis () RIT EDU>
Date: Fri, 5 Sep 2014 13:35:59 +0000
We are piloting phishing with about 55 users before enlarging our scope. You may want to start with a small group. Are you going to let “participants” know that phishing will be conducted?

Carnegie Mellon has been doing internal phishing for a while. You might want to reach out to Wiam Younes. (She’s on this list.)

Ben Woelk '07
Private Information Management Initiative Project Manager
ISO Program Manager
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu
http://www.rit.edu/security/
Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec
Follow us on Twitter: http://twitter.com/RIT_InfoSec

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John Forker
Sent: Friday, September 05, 2014 9:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144)

Peter,

We have sent simulated phishing message to 6000 employees and I have reported results to a board committee. You will undoubtedly receive a lot of hate mail and arguments why this is the wrong approach. If you stand tall that it is the right thing to do and you have support from the top, the VPs and other groups shouldn't cause issues.

If you want to know more about our approach and results, feel free to contact me directly.

John
------------------
John Forker
Chief Information Security Officer
University of Maine System
(207) 973-3293

Date: Thu, 4 Sep 2014 16:19:07 +0000
From: Peter Lundstedt <peter.lundstedt () DRAKE EDU>
Subject: Phishing education rollout

To coincide with NCSAM, we are planning on kicking off a 1-year phishing education program. We're partnering with an external company to execute the program and as we prep for the engagement, one thing we keep hearing of is the risk of angering the user base, having faculty go to the dean's council, administration going to their VPs, and just general bad "press".

We have support from the top to proceed with the program and will communicate to the target user base, but I'm wondering what others have done for their rollouts, and just ways to ensure success in this area.

Peter Lundstedt | Information Security Analyst
Drake Technology Services (DTS) | Drake University