Educause Security Discussion mailing list archives

Re: Security Awareness Program assistance

From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 28 May 2015 19:03:42 +0000

All,
If you want more information about doing security awareness successfully, I encourage you to subscribe to EDUCAUSE 
Security Awareness Discussion Listserv <SEC-EDUC () LISTSERV EDUCAUSE EDU>  and check out the HEISC Awareness and 
Training Working Group. We meet twice a month and work on a number of projects related to security awareness in Higher 
Education.

Information about A&T and the other HEISC working groups is at 
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/community-engagement

There are helpful resources at 
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/resources

Although they’ll be revised this summer, the following resources will be helpful in creating an Security Awareness 
program
https://spaces.internet2.edu/display/2014infosecurityguide/Security+Awareness+Quick+Start+Guide
https://spaces.internet2.edu/display/2014infosecurityguide/Security+Awareness+Detailed+Instruction+Manual



Ben Woelk CISSP
Member, Awareness and Training Working Group
Higher Education Information Security Council
http://www.educause.edu/heisc

ISO Program Manager
Rochester Institute of Technology
Rochester, New York 14623
585.475.4122
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ian 
McDonald
Sent: Thursday, May 28, 2015 2:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Awareness Program assistance

Heck, share it with everyone already :)

Best Regards,

--
ian

--
ian

Sent from my phone, please excuse brevity and/or misspelling.
________________________________
From: James Farr<mailto:jfarr () UTICA EDU>
Sent: ‎28/‎05/‎2015 19:45
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance
I would be grateful if you could also share this information with me.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu<mailto:jfarr () utica edu>
315-223-2386



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Shamblin, Quinn
Sent: Wednesday, May 27, 2015 11:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance

Harry Hoffman and I put together a framework for doing this.  I’d be happy to share the documents for reference if you 
are interested.

Best,

Quinn R Shamblin                                                  .
Executive Director of Information Security, Boston University

Security Tip:
One of the most effective things you can do to keep your devices safe is to keep them and the software on them up to 
date.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ullman, 
Catherine
Sent: Wednesday, May 27, 2015 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Security Awareness Program assistance

Greetings!

I have been asked to put together a University-wide security awareness program that is phased in over the next two 
years and ideally includes measurements of success.  I would very much like to hear from any of you who have 
successfully undertaken such a project and how you’ve accomplished it, because this is a larger undertaking than I’ve 
ever been expected to complete.  I also would prefer not to reinvent the wheel if there are already great ideas out 
there!

The kinds of things I’m looking for include the approach, how the rollout was accomplished, tools being used, measures 
of success.  FWIW I’d prefer our awareness program to be a positive reinforcement type thing, encouraging folks to want 
to be involved rather than a stick-based program.

Feel free to email me off-line if you’d prefer.  Thanks in advance for your help.

Sincerely,
Cathy


Dr. Catherine J Ullman
Information Security Analyst
Information Security Office
University at Buffalo
cende () buffalo edu<mailto:cende () buffalo edu>

Current thread:

Re: Security Awareness Program assistance, (continued)
- - Re: Security Awareness Program assistance Ullman, Catherine (May 27)
- Re: Security Awareness Program assistance Shamblin, Quinn (May 27)
  - Re: Security Awareness Program assistance Ullman, Catherine (May 27)
  - Re: Security Awareness Program assistance KILDARE,Duane V (May 28)
    - Re: Security Awareness Program assistance Larry K. Emmons (May 28)
    - Re: Security Awareness Program assistance John Husfield (May 29)
    - Re: Security Awareness Program assistance Shamblin, Quinn (Jun 01)
    - Re: Security Awareness Program assistance Shamblin, Quinn (May 28)
  - Re: Security Awareness Program assistance James Farr (May 28)
    - Re: Security Awareness Program assistance Ian McDonald (May 28)
    - Re: Security Awareness Program assistance Ben Woelk (May 28)
    - Re: Security Awareness Program assistance Valerie Vogel (May 28)
    - Re: Security Awareness Program assistance Miguel Angel Gonzalez de la Torre (May 28)
    - Re: Security Awareness Program assistance Katie Lech (May 28)
- Re: Security Awareness Program assistance Andregg, Bryan Courtney (May 27)
  - Re: Security Awareness Program assistance Ullman, Catherine (May 27)