Educause Security Discussion mailing list archives
Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144)
From: John Forker <jforker () MAINE EDU>
Date: Fri, 5 Sep 2014 09:14:34 -0400
Peter, We have sent simulated phishing message to 6000 employees and I have reported results to a board committee. You will undoubtedly receive a lot of hate mail and arguments why this is the wrong approach. If you stand tall that it is the right thing to do and you have support from the top, the VPs and other groups shouldn't cause issues. If you want to know more about our approach and results, feel free to contact me directly. John ------------------ John Forker Chief Information Security Officer University of Maine System (207) 973-3293 Date: Thu, 4 Sep 2014 16:19:07 +0000 From: Peter Lundstedt <peter.lundstedt () DRAKE EDU> Subject: Phishing education rollout To coincide with NCSAM, we are planning on kicking off a 1-year phishing ed= ucation program. We're partnering with an external company to execute the = program and as we prep for the engagement, one thing we keep hearing of is = the risk of angering the user base, having faculty go to the dean's council= , administration going to their VPs, and just general bad "press". We have support from the top to proceed with the program and will communica= te to the target user base, but I'm wondering what others have done for the= ir rollouts, and just ways to ensure success in this area. Peter Lundstedt | Information Security Analyst Drake Technology Services (DTS) | Drake University
Current thread:
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) John Forker (Sep 05)
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) Ben Woelk (Sep 05)
- <Possible follow-ups>
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) Rich Graves (Sep 05)