The document outlines a presentation by Ben Woelk regarding a communications strategy for cybersecurity awareness at the Rochester Institute of Technology. It discusses the implementation of a systematic approach to educate and inform the community about information security threats while addressing challenges like messaging overload. Key components include audience analysis, multi-channel communications, and an evaluation plan to measure success and make adjustments.

1. Rochester Security Summit
Ben Woelk, CISSP
ISO Program Manager
Rochester Institute of Technology

2. Copyright © 2014 Rochester Institute of Technology
Presentation Overview
• Background
• Communications Plan Basics
• RIT Implementation
• Success?
• Discussion

3. Copyright © 2014 Rochester Institute of Technology
BACKGROUND

4. Copyright © 2014 Rochester Institute of Technology
My Background
• Corporate
• Higher Education
– ISO Office
– Adjunct
• Techcomm
• Computing Security

5. Copyright © 2014 Rochester Institute of Technology
Rochester Institute of Technology
• RIT Environment
– 18,500 students
– 3,500 faculty and
staff
– International
Locations
– ~40,000+ systems on
the network at any
given time
– Very skilled IT
security students

6. Copyright © 2014 Rochester Institute of Technology
RIT Information Security
• RIT ISO
– 3 full time
• Information Security
Officer
• Program Manager
• Sr. Forensics
Investigator
– 1-4 student employees
• Mix of coop and part-
time
• Risk Management,
not Information
Technology

7. Copyright © 2014 Rochester Institute of Technology
COMMUNICATIONS PLAN
BASICS

8. Copyright © 2014 Rochester Institute of Technology
Communications Plan
• Benefits
– Systematic approach
– Repeatable
– Set and achieve goals
– Be proactive
– Be strategy driven, not event driven
– Strategic plan drives marketing/communications
plan

9. Copyright © 2014 Rochester Institute of Technology
TechComm 101
• “We explain things” (R. J. Lippincott,
Intercom)
• Characteristics
– Interactive and adaptable
– Reader centered
• Personas
– Contextualized
– Concise
– Visual
– Cross cultural

10. Copyright © 2014 Rochester Institute of Technology
RIT IMPLEMENTATION

11. Copyright © 2014 Rochester Institute of Technology
Digital Self Defense Goals
• Inform the entire population about threats.
• Educate new members of the RIT community
on Information Security topics.
• Maintain current information outputs and
engagement on Information Security topics.
• Create new avenues for communication to
expand awareness of Information Security
office.
• Inform community of new Infosec initiatives

12. Copyright © 2014 Rochester Institute of Technology
Challenges
• Multiple audiences
• Messaging overload
• 30% annual turnover
• What, me worry?
• Dry/technical subject

13. Copyright © 2014 Rochester Institute of Technology
Security Awareness Plan
• Components
– Audience analysis
– Key messages
– Communications channels
– Calendar of promotions
– Develop relationships

14. Copyright © 2014 Rochester Institute of Technology
Target Audiences

15. Copyright © 2014 Rochester Institute of Technology
Strategies
• Consistent outreach
• Creative/fun deliverables
• New communication channels
• “What’s in it for me?” fulfillment
– Emphasizing home use
– Easy-to-implement best practices
– Consequences of non-compliance
– Interactive elements

16. Copyright © 2014 Rochester Institute of Technology
Key Message
• Short and Simple

17. Copyright © 2014 Rochester Institute of Technology
Calendar of Promotions

18. Copyright © 2014 Rochester Institute of Technology
Monthly Topics
Month Topic
June, July, August Pre-Semester, Start of Semester
September New Students, New Semester, New Threats
October Cyber Security Awareness Month
November No Click November
December Scams and Hoaxes
January Data Privacy Month
February Ph(F)ebruary Phish
March Mobile Device Madness
April Spring Cleaning
May Graduating to Good Passwords

19. Copyright © 2014 Rochester Institute of Technology
Pre-Semester/Start of Semester

20. Copyright © 2014 Rochester Institute of Technology
Communications Channels
• What’s the best vehicle?

21. Copyright © 2014 Rochester Institute of Technology
Develop Relationships

22. Copyright © 2014 Rochester Institute of Technology
RIT Infosec Website

23. Copyright © 2014 Rochester Institute of Technology
RIT Social Media

24. Copyright © 2014 Rochester Institute of Technology
Posters

25. Copyright © 2014 Rochester Institute of Technology
Go Phish
https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/

26. Copyright © 2014 Rochester Institute of Technology
Alerts and Advisories
• Message Center
Portal/email
• Ad hoc
• ~20 per academic
year

27. Copyright © 2014 Rochester Institute of Technology
Move-in

28. Copyright © 2014 Rochester Institute of Technology
New Student Orientation

29. Copyright © 2014 Rochester Institute of Technology
Lightning Talks
• Six minute presentations
• Slides move every 18 seconds
• Topics
– Online reputation management
– Illegal file sharing
– Safe use of social media
– Securing mobile devices

30. Copyright © 2014 Rochester Institute of Technology
DSD Lightning Talk
• https://www.youtube.com/watch?v=-Yo8TV-ZLbE

31. Copyright © 2014 Rochester Institute of Technology
In Development
• Cyber Hero employee recognition program
• Phishing exercises

32. Copyright © 2014 Rochester Institute of Technology
SUCCESS?

33. Copyright © 2014 Rochester Institute of Technology
Evaluation Tools
• Internal survey tool (in development)
– Fall baseline
– Spring progress

34. Copyright © 2014 Rochester Institute of Technology
Social Media Evaluation

35. Copyright © 2014 Rochester Institute of Technology
External Evaluations
• Use with care
• Kred (2013)
– Influence (trust)
– Outreach (propensity to share)
• Klout (2009)
– Perceived social influence

36. Copyright © 2014 Rochester Institute of Technology
Evaluate and Make
Mid-Course Corrections
• You will make mistakes
• Don’t be afraid to make a change
• Did it make a difference?
• Ways to evaluate
– Surveys
– Analytics
From austinevan

37. Copyright © 2014 Rochester Institute of Technology
Key Success Factors
• What’s in it for them?
• Relevant at home as well as at work
• Reach them where they are

38. Copyright © 2014 Rochester Institute of Technology
Resources
• EDUCAUSE
– Cybersecurity Awareness Resource Library
– Security Awareness Quick Start and Advanced
Guides
• W. K. Kellogg Foundation Template for
Strategic Communications Plan
• Richard Johnson-Sheehan Technical
Communication Today
• Society for Technical Communication

39. Copyright © 2014 Rochester Institute of Technology
Contact Me
Ben Woelk
Ben.woelk@gmail.com; ben.woelk@rit.edu
Benwoelk.com
@benwoelk
www.linkedin.com/in/benwoelk/

40. Copyright © 2014 Rochester Institute of Technology
DISCUSSION