Educause Security Discussion mailing list archives
Re: [Ext] [SECURITY] Open/Free Social Engineering Case Study Repository for Higher Ed Institutions
From: "Leber, Dennis E" <dleber () UTHSC EDU>
Date: Wed, 6 Jan 2021 14:15:04 +0000
Good stuff, thanks for sharing [https://uthsc.edu/brand/images/email-signature/shortsig-green-horizontal.png] Dennis E. Leber Chief Information Security Officer (CISO), HIPAA Security Officer The University of Tennessee Health Science Center The Office of Cybersecurity 877 Madison Ave Memphis, TN 38103 dleber () uthsc edu<mailto:dleber () uthsc edu> c: 270.307.1609 https://www.uthsc.edu/its/cybersecurity/ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brian Kelly Sent: Wednesday, January 6, 2021 7:51 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [Ext] [SECURITY] Open/Free Social Engineering Case Study Repository for Higher Ed Institutions Sharing for maximum reach, please share with your networks. Professor Rege is doing great work that will help our profession today and prepare the next generation of professionals. Brian From: "Rege, Aunshul" <rege () temple edu<mailto:rege () temple edu>> Date: Monday, January 4, 2021 at 11:35 AM Subject: Open/Free Social Engineering Case Study Repository for Higher Ed Institutions Greetings and a Happy New Year! I trust you and your loved ones are doing well. I am reaching out to you because you belong to the security and/or social engineering (SE) community and, as an educator, I need your help. I am trying to build an open/free SE case study repository that can be used by educators, students, and the wider community as part of my new National Science Foundation education grant that starts this year. More information about the grant is available at https://www.nsf.gov/awardsearch/showAward?AWD_ID=2032292&HistoricalAwards=false<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nsf.gov%2Fawardsearch%2FshowAward%3FAWD_ID%3D2032292%26HistoricalAwards%3Dfalse&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175138843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=u18XeToZSwBRtnEuAxf55H8RSM2aSenrgJAZFvRE42Y%3D&reserved=0> Do you have, or are you aware of, any case studies that can be part of this repository? These case studies can be redacted, anonymized, sanitized, etc. and would be hosted on the Cybersecurity in Application, Research and Education (CARE) Lab's website (https://sites.temple.edu/care/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsites.temple.edu%2Fcare%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175148840%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2Bj97pPDS0105ZsFrxqyx00sG5C4k2RoyHo9pXrhb7bI%3D&reserved=0>). Ideally, these case studies would have to be detailed enough to allow for the following (but certainly not limited to): Developing SE playbooks Mapping to MITRE ATT&CK framework Identifying psychological persuasion techniques Demonstrating decision-making and adaptation Displaying multiple forms of techniques (ex: vishing, pretexting, etc.) Highlighting different contexts and sectors All contributors will be recognized in the repository to ensure that proper credit is given. You can choose to remain anonymous, if you prefer. As you can imagine, teaching SE in higher ed is particularly challenging and (I believe) critical to security education. These case studies would serve as a rich resource that could be used by students, educators, and researchers across multiple domains. This repository is the next step in making SE more commonplace in the higher ed cybersecurity curriculum and research. Thus far, I have created several ethical and fun hands-on SE course projects (https://sites.temple.edu/care/downloads/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsites.temple.edu%2Fcare%2Fdownloads%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175148840%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SYHuf7cRrT1SkR18PRSJgHT7JcZX1WzuywAz0tHvW94%3D&reserved=0>) that can be used easily by educators. To date these projects have been downloaded over 200 times worldwide. I have also co-developed a Collegiate SE CTF and training event for undergraduate students with Layer 8 Conference<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flayer8conference.com%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175158832%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qzNevhYTCVvNnjnVYRAA2v44kliwoDm5i14s6L2BGLQ%3D&reserved=0>. I'm delighted to say that this event was a success, and you can read more about it at https://sites.temple.edu/socialengineering/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsites.temple.edu%2Fsocialengineering%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175158832%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vqFj3pJF3m0n8jC%2FhYaLmS3YQTgL%2FWQkRLLpTlHHW9E%3D&reserved=0>! This repository is thus the next step and fills an important void in SE education and research. Please reach out if you have any questions or concerns. You can email me at rege () temple edu<mailto:rege () temple edu> or call me at 215-204-1671. Feel free to forward this email to anyone that you think may be able to contribute. Thank you so much for your time and consideration. I cannot do this without you, and I welcome any feedback that you may have. Best regards, Aunshul ------------------------------- Aunshul Rege, Ph.D. | Associate Professor | Department of Criminal Justice | Temple University Trusted CI Open Science Cybersecurity Fellow 2019<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.trustedci.org%2F2019%2F04%2FFellows-2019.html&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175168828%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=mfwHFX0jvFIIoflJ35EkjkQcBYfriPyoeiN0R67%2BBHY%3D&reserved=0> Phone: 215-204-1671 | Email: rege () temple edu<mailto:rege () temple edu> Web: dr-rege.com<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdr-rege.com%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175168828%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AAtIb5ZV5Pllj8XbdsRoz2CMQFiDAcs5FBkgT%2BFhXBI%3D&reserved=0> | Twitter: @Prof_Rege<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FProf_Rege&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175178824%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5XJY8Ngd1UPqkn6YdFePFrOFZe1jYHDIgG2hU6MRfL8%3D&reserved=0> Research Website: https://sites.temple.edu/care/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsites.temple.edu%2Fcare%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175178824%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dzbXUXevKG60QjDCJsUD%2BHtzM%2Fo4%2FVR9XLN5vMiXIXY%3D&reserved=0> FIRST INTERCOLLEGIATE SOCIAL ENGINEERING COMPETITION https://sites.temple.edu/socialengineering/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsites.temple.edu%2Fsocialengineering%2F&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175188819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bZt9kgv2l8nJ8B7HN0MSo%2FW9fXuafPTBfL8MM2Ezymg%3D&reserved=0> @TU_CARE<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FTU_CARE&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175188819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AzkFA6Y8%2BgYnEJfLCdHvPHXWFa61bKo84z2SS7Hq1CA%3D&reserved=0> @CollegiateSECTF<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FCollegiateSectf&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175198812%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=XF0aiesieRSNlQr5bApN%2FEaTwBrXxNdkJnXzdxHm7BI%3D&reserved=0> #CollegiateSECTF CURRENT RESEARCH NSF SaTC: EDU: Educating STEM Students and Teachers about the Relevance of Social Engineering in Cyberattacks and Cybersecurity<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nsf.gov%2Fawardsearch%2FshowAward%3FAWD_ID%3D2032292%26HistoricalAwards%3Dfalse&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175198812%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wvmdpQDexSf4aBMoKF2n2VryIZFMK3G2g6xPezGm3nQ%3D&reserved=0> NSF CAREER: Applying a Criminological Framework to Understand Adaptive Adversarial Decision-Making Processes in Critical Infrastructure Cyberattacks<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nsf.gov%2Fawardsearch%2FshowAward%3FAWD_ID%3D1453040%26HistoricalAwards%3Dfalse&data=04%7C01%7C%7C36fe23fdf2e545abc62a08d8b0ceb614%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637453749175208805%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=O4%2BPClsODQI%2BXspLd52TE08hgAcO2w0uEA0iTyhw75c%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Open/Free Social Engineering Case Study Repository for Higher Ed Institutions Brian Kelly (Jan 06)
- Re: [Ext] [SECURITY] Open/Free Social Engineering Case Study Repository for Higher Ed Institutions Leber, Dennis E (Jan 06)