Re: Security Awareness Program assistance

["Andregg, Bryan Courtney" <bryan.andregg () UNC EDU>]

Dan deBeaubien (SANS) and Ashley Sudderth (Michigan Technological University) presented a post conference seminar at 
the SPC, “Building Awareness: A Guide to Establishing a Successful Information Security Awareness Program.” The slides 
are available, 
http://www.educause.edu/events/security-professionals-conference/2015/building-awareness-guide-establishing-successful-information-security-education
 .

The most important part for their program was developing a survey that was both short and informative and then 
processing those results into metrics. Dan intimated he’d be happy to share the survey and some of his post processing 
if desired, <dan () sans org>.

Cheers,

Bryan
--
Bryan C. Andregg
IT Security & Systems Manager
Instructional and Information Systems
UNC Gillings School of Global Public Health


From: Chris Bunn <chris () ISDECISIONS COM<mailto:chris () ISDECISIONS COM>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Wednesday, May 27, 2015 at 11:36 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Security Awareness Program assistance

Dear Cathy

As it happens, just this afternoon there is a new game that’s been launched that might interest you.

To help support IT professional’s efforts to raise user security awareness, IS Decisions have developed the free 
resource : The Weakest Link: A User Security Game.

Any employee, in any position (including the C Suite) from any department can play.

We want it to be a credible independent resource for IT people to use, which is why we’ve developed it with the input 
of analysts, experts and IT people themselves. It’s completely free to use, and we hope that IT people will share it 
with their users to play to try and drive awareness of the issues of user security and insider threat.

So please try it and feel free to share it amongst your users.

http://www.isdecisions.com/user-security-awareness/


Thanks and Kind regards
Chris Bunn


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ullman, 
Catherine
Sent: mercredi 27 mai 2015 17:19
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Security Awareness Program assistance

Greetings!

I have been asked to put together a University-wide security awareness program that is phased in over the next two 
years and ideally includes measurements of success.  I would very much like to hear from any of you who have 
successfully undertaken such a project and how you’ve accomplished it, because this is a larger undertaking than I’ve 
ever been expected to complete.  I also would prefer not to reinvent the wheel if there are already great ideas out 
there!

The kinds of things I’m looking for include the approach, how the rollout was accomplished, tools being used, measures 
of success.  FWIW I’d prefer our awareness program to be a positive reinforcement type thing, encouraging folks to want 
to be involved rather than a stick-based program.

Feel free to email me off-line if you’d prefer.  Thanks in advance for your help.

Sincerely,
Cathy


Dr. Catherine J Ullman
Information Security Analyst
Information Security Office
University at Buffalo
cende () buffalo edu<mailto:cende () buffalo edu>