Re: Phishing Simulation - Punitive Escalation

["Czarapata, Paul (KCTCS)" <paul.czarapata () KCTCS EDU>]

While I have not heard of this in Higher Education, I know of at least two hospitals in Cincinnati where the third 
violation is termination of employment.  The first is a warning and online video, second is a face-to-face session with 
a member of the Cybersecurity team.


______________________________________________________________________

Paul Czarapata, Ed.D.

Vice President/Chief Information Officer

Kentucky Community & Technical College System

300 North Main Street

Versailles, KY 40383

O: 859/256-3248



Your success equals our success.
[cid:7092dddd-0cf6-45f6-ac32-d9a93b58c927]

[cid:445a0320-079f-468f-93cb-de10e9d0bd3a]<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ft.sidekickopen35.com%2Fe1t%2Fc%2F5%2Ff18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XYg3MxRLxW5w6vXM8rl77WW4Wzrfn56dT6bf3Vtshg02%3Ft%3Dhttps%253A%252F%252Ftwitter.com%252FPCZARAPATA%26si%3D6650399237341184%26pi%3D4719794e-b15d-4315-b75a-2fbc2472ae29&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077705139&sdata=RXt3sP9cTYcCSZmOFORsIVRR3ku2vA1LprImaUNN3SM%3D&reserved=0>
 [cid:7a735ab0-5ead-4798-b33f-f04a2080274a] 
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ft.sidekickopen35.com%2Fe1t%2Fc%2F5%2Ff18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XYg3MxRLxW5w6vXM8rl77WW4Wzrfn56dT6bf3Vtshg02%3Ft%3Dhttp%253A%252F%252Fwww.linkedin.com%252Fin%252Fczarapata%252F%26si%3D6650399237341184%26pi%3D4719794e-b15d-4315-b75a-2fbc2472ae29&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077705139&sdata=k9MrizMPcShUOvarV8Il4Pon061CUnnM9Fd3Zau0CqQ%3D&reserved=0>
  [cid:12e3de41-ed1d-45a6-8fe7-fd8925b7932b] 
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FKCTCS%2F110247165663059&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077715152&sdata=A9N%2F7CaBC7ypFt8hK3h%2FXehULdBLUMgue98ihZOYnq0%3D&reserved=0>

Training and Learning Center<http://kctcs.edu/tlc> | Technology Solutions Help Desk<http://ithelpdesk.kctcs.edu/> | 
Technology Communications Center<http://kctcs.edu/tcc>


________________________________
From: Gomez, Joshua <J.Gomez () SNHU EDU>
Sent: Monday, May 18, 2020 10:51 AM
Subject: Phishing Simulation - Punitive Escalation


Hello

I wanted to ask what people are doing for a "path to escalation" for staff who repeatedly fail simulations or cause 
incidents?



For Example

First Failure -> Remedial Training

Second Failure -> Remedial Training + Supervisor Notification

Third Failure –> Remedial Training + Sit down with person and department head

Etc.



I’m just trying to get some ideas to bring to our Governance committee.  We have not been trying to be punitive and 
haven’t needed to do much, but we are starting to see repeat offenders that need coaching for behavioral changes.



Thanks in Advance,



Josh



Joshua Gomez | Analyst, Information Security

Information Technology Solutions











**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community