Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Internal Phishing Simulation Advice

From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Mon, 17 Dec 2018 16:17:03 +0000
If possible, partner with your Internal Controls office to co-sponsor this effort. That can help justify rolling the 
program initially to high risk units.

Also, if you have an information security governance body, get their endorsement.

We portray this program on our campus as effort to protect faculty and staff from a real and present threat to their 
personal information, and their finances. The campus benefits overall, but the focus on protecting the individual 
employees.

Since we were targeted by the Iranians indicted in March of this year, I use that as a cautionary tale that gets good 
traction, particularly with faculty, in justifying the need for this kind of training.

Marty Manjak
CISO
University at Albany

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valentijn, Ashley
Sent: Monday, December 17, 2018 10:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Internal Phishing Simulation Advice


Good morning,



We want to launch an internal phishing simulation in order to better train our employees on recognizing phishing 
emails. Target participants are university faculty and staff.



Any advice, suggestions, and/or recommendations on how to successfully implement such a simulation would be much 
appreciated. We are looking at possibly using GoPhish or Microsoft's new Phishing Attack Simulator.



Thank you in advance! Feel free to send me a direct email or I am also open to the possibility of a quick phone call.



Warm Regards,
Ashley Valentijn
Security Engineer
Information Security Office
University of Miami
P: 305-284-4582 | E: axv749 () miami edu<mailto:axv749 () miami edu>
Previous By Date Next
Previous By Thread Next

Current thread: