Re: Cyber Security Awareness Month - Examples of Online events or Phishing

[Stacy Lee <sbl () STANFORD EDU>]

At Stanford we will be running a week long Virtual Festival for CyberSecurity Awareness month.  We will be hosting a 
variety of speakers, panels and workshops.  Some of our workshops will be inline during the event such as our Red 
Team/Blue Team Exercise, Cardinal Key Workshops and Table Top IR Exercise to name a few.

We will be running some out of band activities running off the CTFd platform for people to do on their own time and 
plan to have an online leaderboard to make for some friendly competition.

@Kristen Dietiker: love the idea of the Scavenger Hunt and your thought process behind it and thanks for the links.

Check out our event site at https://cyberfest.stanford.edu ​for what we have planned and stay tuned for updates.
Cybersecurity and Privacy Festival 2020 | University IT<https://cyberfest.stanford.edu/>
What’s in it for me? The festival will provide value for students, faculty, and staff alike, including: Deepen your 
knowledge about the importance of cybersecurity and privacy to ensure that Stanford community have the resources to be 
more secure online
cyberfest.stanford.edu

Stacy Lee
ISO | Security Operations
Stanford University

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kristen Dietiker 
<000001c25973bc27-dmarc-request () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, September 1, 2020 6:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cyber Security Awareness Month - Examples of Online events or Phishing

I've built an online scavenger hunt, modeled after one SANS did several weeks ago for their awareness summit: 
https://sites.google.com/view/ScavengerHuntStart<https://urldefense.com/v3/__https://sites.google.com/view/ScavengerHuntStart__;!!POPwgc47LqelFC4T6Q!cPjzFUwH5ZgDff7oUqEeDNuUjpS_BIKtNPUZhW2azTSlLHQGmsZBfktkSXC7E7A-e8owSg$>
 (Not sure how long their site will be available.)

It uses Google forms and Google sites. Answers to clues on a Google form are used to create a key that becomes part of 
the URL of the next level (A Google site), which has another form with clues to unlock the third level. (Wrong answers 
won't generate the correct URL). The SANS version concluded with "finding the buried treasure" by generating 
coordinates for Google maps. I've ditched this part and just created an end page with a "Congrats, here's a reward" 
message. Those rewards will likely be cybersecurity & SCU themed wallpapers or Zoom backgrounds they can download right 
from the end page. I also hope to do drawings for small prizes.

I thought most of the SANS questions weren't really suitable for our faculty and staff and didn't really serve to drive 
behavioral change. I really tried to focus on creating clues and answers that addressed the common problems we see–such 
as account security. My questions are split between asking about SCU security resources, and advice that is found on 
our website, and security resources around the web. Most questions focus on using long passwords, password managers, & 
multi-factor auth, with the purpose of driving change in these areas. A few questions drive people to external 
resources they can use to assess personal security risk.

--
Kristen Dietiker
Chief Information Security Officer
Santa Clara University
(408) 554-5554



On Mon, Aug 31, 2020 at 2:28 PM Royse, Rhonda - (rroyse) <rroyse () arizona edu<mailto:rroyse () arizona edu>> wrote:

Good afternoon everyone!



I are prepping for our online Cybersecurity Awareness month, and I recall a few universities who have administered 
online phishing quizzes, or games. Would appreciate any examples or campaigns that you could share!



We are looking at phishing instances or even small videos that can help explain key concepts to our audiences.



Thank you

Rhonda



[cid:1744c4d07714cff311]

Rhonda Bartz-Royse
DCIO/IT Security Program/IAM – Manager
Information Security Office
THE UNIVERSITY OF ARIZONA

Computer Center
PO Box 210073 | Tucson, AZ 85721
Office: 520-621-5927 | Cell: 480-209-6465
rroyse () arizona edu<mailto:rroyse () arizona edu>

security.arizona.edu<https://urldefense.com/v3/__https://security.arizona.edu/__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpPmsiGU-$>
facebook<https://urldefense.com/v3/__https://www.facebook.com/UArizonaInfoTech/__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpLRhDhPP$>
 | 
twitter<https://urldefense.com/v3/__https://twitter.com/UaInfotech__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpF5HHz7R$>
 | 
instagram<https://urldefense.com/v3/__https://www.instagram.com/uainfotech/__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpO0q57iv$>
 | 
linkedin<https://urldefense.com/v3/__https://www.linkedin.com/school/the-university-of-arizona__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpGSdtrVW$>





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https://www.educause.edu/community__;!!MLMg-p0Z!XXgIy1D9gBAybI6cB1PvPX_huscU1sk7CJURPvLTlB1oEy7lZrlnluJWpLV00yGH$>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https://www.educause.edu/community__;!!POPwgc47LqelFC4T6Q!cPjzFUwH5ZgDff7oUqEeDNuUjpS_BIKtNPUZhW2azTSlLHQGmsZBfktkSXC7E7Dandm__g$>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community