Educause Security Discussion mailing list archives

Re: Have you used SANS Phishing Assessment Services

From: "Godwin, Adam" <agodwin2 () UTK EDU>
Date: Thu, 24 Sep 2015 12:58:54 +0000

Good morning,

We use STH here at the UTIA and its very useful for our needs. It's easy to administer and provides reporting for the 
training. Handy for showing compliance for awareness training. The videos are decent for awareness but could use some 
work for items such as PCI & HIPAA. I would recommend it.



Adam S. Godwin, M.S., CISSP, Security+
Security Analyst
Information Technology Services
105 McCord Hall, 2640 Morgan Circle Dr
Knoxville, Tennessee 37996

865-974-7292 Office
| ag.tennessee.edu<http://ag.tennessee.edu/>

[cid:image001.png@01D06899.819476E0]

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin P. 
Sale
Sent: Thursday, September 24, 2015 3:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Have you used SANS Phishing Assessment Services

In the past we have used both SANS STH and PhishMe. I'm most impressed with PhishMe.

Kevin.

Sent from my iPhone

On Sep 23, 2015, at 9:47 PM, Shettler, David <dshettle () HOLYCROSS EDU<mailto:dshettle () holycross edu>> wrote:
We piloted it over the summer and are rolling out a campaign to the rest of the campus this year.

I would recommend it for driveby phishing, and data-collection phishing, but it doesn't seem to support malicious 
attachment phishing.

It also has a limited set of domain names and I don't see any options to add our own domains that we've purchased to 
the tool.  But the reporting is good, the templates are good, and the customization is excellent.

On Wed, Sep 23, 2015 at 12:04 PM, Cathy Hubbs <hubbs () american edu<mailto:hubbs () american edu>> wrote:
We are considering purchasing the SANS Phishing Assessment service for a year  Curious how many of you have used it and 
would recommend it?

Thanks in advance.

Cathy

Cathy Hubbs,
Chief Information Security Officer
Office of Information Technology
American University



--

[http://college.holycross.edu/email/template/email-180-tag.jpg]

DAVID SHETTLER
Information Security Officer
Information Technology Services
dshettle () holycross edu<mailto:dshettle () holycross edu>
phone: (508) 793-3073
One College Street
Box ITS
Worcester, Mass. 01610
www.holycross.edu<http://www.holycross.edu>

________________________________

This message and its contents including attachments are intended solely for the original recipient. If you are not the 
intended recipient or have received this message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. Please consider the environment before 
printing this email.

Current thread:

Have you used SANS Phishing Assessment Services Cathy Hubbs (Sep 23)
- Re: Have you used SANS Phishing Assessment Services Shettler, David (Sep 23)
  - Re: Have you used SANS Phishing Assessment Services Kevin P. Sale (Sep 24)
    - Re: Have you used SANS Phishing Assessment Services Godwin, Adam (Sep 24)