Making Information Security Fun
-
Upload
ben-woelk-cissp -
Category
Technology
-
view
1.873 -
download
2
description
Transcript of Making Information Security Fun
Ben WoelkPolicy and Awareness AnalystInformation Security OfficeRochester Institute of [email protected]
Making Information Security Fun
Introduction—the Problem
• Everyone is a target• Identity theft is big business
• You can’t rely on others to protect you
2
Avert Labs Malware Research
3Retrieved July 24, 2009 from:http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/
Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf
4
Solution
•We needed a plan–Systematic repeatable–Goals–Proactive
Components of a Plan
• Audience analysis• Key messages• Channels• Calendar• Relationships
What are Our Key Messages?• Data handling• Mandatory compliance • Phishing, Social engineering
• Protecting IP/Research
RIT Profile
Rochester Institute of Technology, founded 1829• ~18,000 students, mainly
residential• 10% international • 1300+ deaf or hard of
hearing (NTID)• ~3000 faculty and staffRespected leader in professional and career-oriented educationEight colleges, 80 majors, 3600 co-op students yearly
Branding
Consistency
Web Presence
• Use official university communications channels
• Target messages to faculty, staff, and/or students
Social Media
• Meet students where they are• Post directly from Facebook
to Twitter
Private Information Management
• Temporarily reduced response rate from ~25 per attempt to ~4 per attempt
Phishing Awareness
Orientation
• Participate in faculty events
• Hit hot topics
Faculty
Practice Digital Self Defense
16
@RIT_Infosecwww.facebook.com/RITInfosecSecurity.rit.edu