Educause Security Discussion mailing list archives

Phishing Simulation - Punitive Escalation

From: "Gomez, Joshua" <J.Gomez () SNHU EDU>
Date: Mon, 18 May 2020 14:51:07 +0000

Hello
I wanted to ask what people are doing for a "path to escalation" for staff who repeatedly fail simulations or cause 
incidents?

For Example
First Failure -> Remedial Training
Second Failure -> Remedial Training + Supervisor Notification
Third Failure -> Remedial Training + Sit down with person and department head
Etc.

I'm just trying to get some ideas to bring to our Governance committee.  We have not been trying to be punitive and 
haven't needed to do much, but we are starting to see repeat offenders that need coaching for behavioral changes.

Thanks in Advance,

Josh

Joshua Gomez | Analyst, Information Security
Information Technology Solutions






**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Phishing Simulation - Punitive Escalation Gomez, Joshua (May 18)
- Re: Phishing Simulation - Punitive Escalation Ken Connelly (May 18)
  - Re: Phishing Simulation - Punitive Escalation Frank Barton (May 18)
    - Re: Phishing Simulation - Punitive Escalation Ullman, Catherine (May 18)
  - Re: Phishing Simulation - Punitive Escalation Scantlin, Aaron J. (May 18)
    - Re: [EXTERNAL] Re: [SECURITY] Phishing Simulation - Punitive Escalation Hart, Michael (May 18)
- Re: Phishing Simulation - Punitive Escalation Jesse Thompson (May 18)
- <Possible follow-ups>
- Re: Phishing Simulation - Punitive Escalation Czarapata, Paul (KCTCS) (May 18)
  - Re: Phishing Simulation - Punitive Escalation Rose, Henry (May 18)
  - Re: Phishing Simulation - Punitive Escalation Oliver Betts-Richards (May 19)