Educause Security Discussion mailing list archives
Re: Phishing Simulation - Punitive Escalation
From: Oliver Betts-Richards <00000199152951de-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Tue, 19 May 2020 07:47:14 +0000
I don't know how many UK-based higher education institutions use this group so there may be a cultural barrier here (please, forgive me), but termination of employment seems like a harsh step. (I wonder how far up the chain that might stop!?) I also wouldn't like to be the member of the cybersecurity team involved in disciplining a colleague for being tricked by something that can happen to any of us. Cheers, Oliver Betts-Richards Cybersecurity Analyst IT Services M: 07920 541225 T: 01332 592394 E: o.betts-richards () derby ac uk<mailto:o.betts-richards () derby ac uk> University of Derby, Kedleston Road, Derby DE22 1GB [cid:image001.png@01D62DBA.2D2ED820]<https://www.derby.ac.uk/> [University of Derby]<https://www.derby.ac.uk/> [Tef Gold]<https://www.derby.ac.uk/about/tef/> [Gradiuan top 30]<https://www.derby.ac.uk/> [Cyber Essentials][agilepm-foundation 4] Sensitivity: Internal From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Czarapata, Paul (KCTCS) Sent: 18 May 2020 23:04 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing Simulation - Punitive Escalation CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. While I have not heard of this in Higher Education, I know of at least two hospitals in Cincinnati where the third violation is termination of employment. The first is a warning and online video, second is a face-to-face session with a member of the Cybersecurity team. ______________________________________________________________________ Paul Czarapata, Ed.D. Vice President/Chief Information Officer Kentucky Community & Technical College System 300 North Main Street Versailles, KY 40383 O: 859/256-3248 Your success equals our success. [cid:7092dddd-0cf6-45f6-ac32-d9a93b58c927] [cid:445a0320-079f-468f-93cb-de10e9d0bd3a]<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ft.sidekickopen35.com%2Fe1t%2Fc%2F5%2Ff18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XYg3MxRLxW5w6vXM8rl77WW4Wzrfn56dT6bf3Vtshg02%3Ft%3Dhttps%253A%252F%252Ftwitter.com%252FPCZARAPATA%26si%3D6650399237341184%26pi%3D4719794e-b15d-4315-b75a-2fbc2472ae29&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077705139&sdata=RXt3sP9cTYcCSZmOFORsIVRR3ku2vA1LprImaUNN3SM%3D&reserved=0> [cid:7a735ab0-5ead-4798-b33f-f04a2080274a] <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ft.sidekickopen35.com%2Fe1t%2Fc%2F5%2Ff18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XYg3MxRLxW5w6vXM8rl77WW4Wzrfn56dT6bf3Vtshg02%3Ft%3Dhttp%253A%252F%252Fwww.linkedin.com%252Fin%252Fczarapata%252F%26si%3D6650399237341184%26pi%3D4719794e-b15d-4315-b75a-2fbc2472ae29&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077705139&sdata=k9MrizMPcShUOvarV8Il4Pon061CUnnM9Fd3Zau0CqQ%3D&reserved=0> [cid:12e3de41-ed1d-45a6-8fe7-fd8925b7932b] <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FKCTCS%2F110247165663059&data=02%7C01%7C%7Cb93cc49e40cb41f11bc908d5f87cfeca%7Cf2e339511ec44c72b2bfa4f4671d64af%7C0%7C0%7C636688138077715152&sdata=A9N%2F7CaBC7ypFt8hK3h%2FXehULdBLUMgue98ihZOYnq0%3D&reserved=0> Training and Learning Center<http://kctcs.edu/tlc> | Technology Solutions Help Desk<http://ithelpdesk.kctcs.edu/> | Technology Communications Center<http://kctcs.edu/tcc> ________________________________ From: Gomez, Joshua <J.Gomez () SNHU EDU<mailto:J.Gomez () SNHU EDU>> Sent: Monday, May 18, 2020 10:51 AM Subject: Phishing Simulation - Punitive Escalation Hello I wanted to ask what people are doing for a "path to escalation" for staff who repeatedly fail simulations or cause incidents? For Example First Failure -> Remedial Training Second Failure -> Remedial Training + Supervisor Notification Third Failure -> Remedial Training + Sit down with person and department head Etc. I'm just trying to get some ideas to bring to our Governance committee. We have not been trying to be punitive and haven't needed to do much, but we are starting to see repeat offenders that need coaching for behavioral changes. Thanks in Advance, Josh Joshua Gomez | Analyst, Information Security Information Technology Solutions ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community The University of Derby has a published policy regarding email and reserves the right to monitor email traffic. If you believe this was sent to you in error, please reply to the sender and let them know. Key University contacts: http://www.derby.ac.uk/its/contacts/ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Phishing Simulation - Punitive Escalation Gomez, Joshua (May 18)
- Re: Phishing Simulation - Punitive Escalation Ken Connelly (May 18)
- Re: Phishing Simulation - Punitive Escalation Frank Barton (May 18)
- Re: Phishing Simulation - Punitive Escalation Ullman, Catherine (May 18)
- Re: Phishing Simulation - Punitive Escalation Scantlin, Aaron J. (May 18)
- Re: [EXTERNAL] Re: [SECURITY] Phishing Simulation - Punitive Escalation Hart, Michael (May 18)
- Re: Phishing Simulation - Punitive Escalation Frank Barton (May 18)
- Re: Phishing Simulation - Punitive Escalation Jesse Thompson (May 18)
- <Possible follow-ups>
- Re: Phishing Simulation - Punitive Escalation Czarapata, Paul (KCTCS) (May 18)
- Re: Phishing Simulation - Punitive Escalation Rose, Henry (May 18)
- Re: Phishing Simulation - Punitive Escalation Oliver Betts-Richards (May 19)
- Re: Phishing Simulation - Punitive Escalation Ken Connelly (May 18)