Educause Security Discussion mailing list archives
Re: A user granted with admin rights failed a phishing test
From: Rob Milman <rob.milman () SAIT CA>
Date: Mon, 9 Nov 2020 19:25:01 +0000
+1 for Ken’s response. We have the same strategy. Regards, Rob [cid:image001.png@01D6B693.583B0900] Rob Milman Associate Director, Information Security Information Technology Services Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca<mailto:rob.milman () sait ca> [cid:image002.png@01D6B693.583B0900] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Munro Sent: Monday, November 9, 2020 12:15 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test Hi. I also think that punitive measures should not be taken. Our cybersecurity training platform automatically notifies the user they click on a phishing link, and assigns them a contemplative survey asking questions about why they clicked it. We also have the option to assign them a remedial phishing module, which I do for staff but not faculty. We say that no one will be reprimanded for clicking on simulated phishing links. We do not require our staff and faculty take cybersecurity training, so if they think they are going to be reprimanded due to opting into the training, fewer people will sign up for it. You want people to report security incidents (real ones especially), not be afraid to report them, hide them. If you punish clickers, they may try to hide the fact that they were really phished. You might be decreasing your security by taking a punitive approach. Cheers. Ken Munro ________________________________________ Ken Munro Security Compliance and Training Specialist Information Technology and Services Mount Saint Vincent University 166 Bedford Highway Halifax, NS B3M 2J6 (902) 457-6150 ken.munro () msvu ca<mailto:ken.munro () msvu ca> Confidentiality Notice: This email may be private and confidential. If you have received this e-mail by mistake, please immediately notify the sender by e-mail or telephone, delete it from your system, and do not copy or distribute it. Phishing Warning: IT&S does not request passwords or other personal information via email. Messages requesting such information are phishing attempts and should be deleted. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Jerry Tylutki Sent: Monday, November 9, 2020 3:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test I disagree that any punitive action should be taken. Phishing tests are in their nature deceptive and attempt to trap the individual; revoking access, potentially impacting the responsibilities of that person, is not the path I would take. Phishing campaigns are one part of a larger security education and training program. Raise awareness. Increase education. I am open and communicative when preparing to send out a phishing email -- I want the end users to expect it and be on the lookout for a phishing message. Nothing makes me more satisfied then when I get an actual phishing message forwarded to me with a "you can't trick me" type message. ------- Jerry Tylutki Information Security Officer Hamilton College (315) 859-4289 -- office *****The contents of this email are CONFIDENTIAL. If you have received this email by mistake, please notify the sender and delete the email and its contents.***** On Mon, Nov 9, 2020 at 12:28 PM Apollo Dalamar <apollodalamar () gmail com<mailto:apollodalamar () gmail com>> wrote: G'day Jared, I would most certainly revoke Admin Rights until the individual can pass some of the assessments associated with the Cyber Security Training. Allude the individual that there would be some form of auditing / supervision for a graceful period. In the interim, monitor appropriate audit logs for a graceful period to make sure the individual is adhering to protocols. Additionally, have the individual sign some form of legal binding paperwork with the understanding and acknowledging that the individual is obligated to operate within protocols and anything otherwise would result in some form of disciplinary action, with the prospect of work dismal. Cheers, Pete On Mon, Nov 9, 2020 at 10:48 AM Jared Evans <jared.evans () gallaudet edu<mailto:jared.evans () gallaudet edu>> wrote: Hello, I would ask about what actions are typically taken when a user who has been granted admin rights (limited to few workstations within their workspace) failed a phishing test with the user giving out the user credentials. Additional cybersecurity training is a given but are the admin rights temporarily revoked until the training is completed? -- [https://drive.google.com/a/gallaudet.edu/uc?id=0B06ctamGLs2hSzVkWTREblhkS0E&export=download] Jared Evans Information Security Officer Gallaudet Technology Services Gallaudet University jared.evans () gallaudet edu<mailto:jared.evans () gallaudet edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- A user granted with admin rights failed a phishing test Jared Evans (Nov 09)
- Re: A user granted with admin rights failed a phishing test Hiram Wong (Nov 09)
- Re: A user granted with admin rights failed a phishing test Apollo Dalamar (Nov 09)
- Re: A user granted with admin rights failed a phishing test Jerry Tylutki (Nov 09)
- Re: A user granted with admin rights failed a phishing test Ken Munro (Nov 09)
- Re: A user granted with admin rights failed a phishing test Rob Milman (Nov 09)
- Re: A user granted with admin rights failed a phishing test Dave Broucek (Nov 09)
- Re: A user granted with admin rights failed a phishing test randy (Nov 09)
- Re: A user granted with admin rights failed a phishing test Jerry Tylutki (Nov 09)
- <Possible follow-ups>
- Re: A user granted with admin rights failed a phishing test Smith, Jason (Nov 09)