Educause Security Discussion mailing list archives

Re: Security Awareness Program assistance

From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Thu, 28 May 2015 21:12:11 +0000

Good afternoon,

As Ben mentioned, the HEISC Awareness & Training working group has developed some resources for security awareness 
programs, all available in our Information Security Guide 
(www.educause.edu/security/guide<http://www.educause.edu/security/guide>). In addition to the Quick Start Guide and 
Detailed Instruction Manual, we also published an ECAR Research Bulletin on Measuring the Effectiveness of Security 
Awareness Programs: http://www.educause.edu/library/resources/measuring-effectiveness-security-awareness-programs

In order to subscribe to the working group’s listserv noted below, you would first need to sign up as a volunteer for 
the working group. If you are interested in joining the group, if you’d like to learn more about them, or if you’d like 
to sit in on one of our calls over the summer, please contact me directly (vvogel () educause edu<mailto:vvogel () 
educause edu>) and I will provide additional information.

Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>

From: Ben Woelk <fbwis () rit edu<mailto:fbwis () rit edu>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Thursday, May 28, 2015 at 12:03 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Security Awareness Program assistance

All,
If you want more information about doing security awareness successfully, I encourage you to subscribe to EDUCAUSE 
Security Awareness Discussion Listserv <SEC-EDUC () LISTSERV EDUCAUSE EDU<mailto:SEC-EDUC () LISTSERV EDUCAUSE EDU>>  
and check out the HEISC Awareness and Training Working Group. We meet twice a month and work on a number of projects 
related to security awareness in Higher Education.

Information about A&T and the other HEISC working groups is at 
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/community-engagement

There are helpful resources at 
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/resources

Although they’ll be revised this summer, the following resources will be helpful in creating an Security Awareness 
program
https://spaces.internet2.edu/display/2014infosecurityguide/Security+Awareness+Quick+Start+Guide
https://spaces.internet2.edu/display/2014infosecurityguide/Security+Awareness+Detailed+Instruction+Manual



Ben Woelk CISSP
Member, Awareness and Training Working Group
Higher Education Information Security Council
http://www.educause.edu/heisc

ISO Program Manager
Rochester Institute of Technology
Rochester, New York 14623
585.475.4122
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ian 
McDonald
Sent: Thursday, May 28, 2015 2:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance

Heck, share it with everyone already :)

Best Regards,

--
ian

--
ian

Sent from my phone, please excuse brevity and/or misspelling.
________________________________
From: James Farr<mailto:jfarr () UTICA EDU>
Sent: 28/05/2015 19:45
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance
I would be grateful if you could also share this information with me.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu<mailto:jfarr () utica edu>
315-223-2386



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Shamblin, Quinn
Sent: Wednesday, May 27, 2015 11:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Security Awareness Program assistance

Harry Hoffman and I put together a framework for doing this.  I’d be happy to share the documents for reference if you 
are interested.

Best,

Quinn R Shamblin                                                  .
Executive Director of Information Security, Boston University

Security Tip:
One of the most effective things you can do to keep your devices safe is to keep them and the software on them up to 
date.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ullman, 
Catherine
Sent: Wednesday, May 27, 2015 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Security Awareness Program assistance

Greetings!

I have been asked to put together a University-wide security awareness program that is phased in over the next two 
years and ideally includes measurements of success.  I would very much like to hear from any of you who have 
successfully undertaken such a project and how you’ve accomplished it, because this is a larger undertaking than I’ve 
ever been expected to complete.  I also would prefer not to reinvent the wheel if there are already great ideas out 
there!

The kinds of things I’m looking for include the approach, how the rollout was accomplished, tools being used, measures 
of success.  FWIW I’d prefer our awareness program to be a positive reinforcement type thing, encouraging folks to want 
to be involved rather than a stick-based program.

Feel free to email me off-line if you’d prefer.  Thanks in advance for your help.

Sincerely,
Cathy


Dr. Catherine J Ullman
Information Security Analyst
Information Security Office
University at Buffalo
cende () buffalo edu<mailto:cende () buffalo edu>

Current thread:

Re: Security Awareness Program assistance, (continued)
- Re: Security Awareness Program assistance Shamblin, Quinn (May 27)
  - Re: Security Awareness Program assistance Ullman, Catherine (May 27)
  - Re: Security Awareness Program assistance KILDARE,Duane V (May 28)
    - Re: Security Awareness Program assistance Larry K. Emmons (May 28)
    - Re: Security Awareness Program assistance John Husfield (May 29)
    - Re: Security Awareness Program assistance Shamblin, Quinn (Jun 01)
    - Re: Security Awareness Program assistance Shamblin, Quinn (May 28)
  - Re: Security Awareness Program assistance James Farr (May 28)
    - Re: Security Awareness Program assistance Ian McDonald (May 28)
    - Re: Security Awareness Program assistance Ben Woelk (May 28)
    - Re: Security Awareness Program assistance Valerie Vogel (May 28)
    - Re: Security Awareness Program assistance Miguel Angel Gonzalez de la Torre (May 28)
    - Re: Security Awareness Program assistance Katie Lech (May 28)
- Re: Security Awareness Program assistance Andregg, Bryan Courtney (May 27)
  - Re: Security Awareness Program assistance Ullman, Catherine (May 27)