Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: User awareness recognition programs

From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Tue, 28 Apr 2015 10:21:54 +1200
That sounds interesting to us, too.

I've been trying to balance the issue of multiple reports for the same
incident (each needing acknowledgement) against the desire to reward
people for bothering to report or question them in the first place.

I've been thinking of a system to allow people to report the email
automatically, that will do some automated analysis (i.e. identify sources
and URLs), and if there are sufficient trusted reports, might even take
automatic action for us.

So a slightly different focus, but probably still useable for your
purposes. However at the moment I haven't found any products, and the
alternative is to write it ourselves.

-jim

Excerpts from Ben Woelk's message of 2015-04-28 07:23:23 +1200:

I would be interested in hearing from anyone who has implemented a program that provides recognition/incentives for 
end users who successfully identify and report phishes, or display other "awareness" behaviors.

Ben Woelk '07 CISSP
ISO Program Manager
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://www.rit.edu/security/

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec

CONFIDENTIALITY NOTE:  The information transmitted, including attachments, is intended only for the person(s) or 
entity to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any 
copies of this information.


-- 
Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z.
✉ jim.cheetham () otago ac nz    ☏ +64 3 470 4670    ☏ m +64 21 279 4670
⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605

Attachment: signature.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: