Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Rochester Security Summit
Ben Woelk, CISSP
ISO Program Manager
Rochester Institute of Technology
Copyright © 2014 Rochester Institute of Technology
Presentation Overview
• Background
• Communications Plan Basics
• RIT I...
Copyright © 2014 Rochester Institute of Technology
BACKGROUND
Copyright © 2014 Rochester Institute of Technology
My Background
• Corporate
• Higher Education
– ISO Office
– Adjunct
• T...
Copyright © 2014 Rochester Institute of Technology
Rochester Institute of Technology
• RIT Environment
– 18,500 students
–...
Copyright © 2014 Rochester Institute of Technology
RIT Information Security
• RIT ISO
– 3 full time
• Information Security...
Copyright © 2014 Rochester Institute of Technology
COMMUNICATIONS PLAN
BASICS
Copyright © 2014 Rochester Institute of Technology
Communications Plan
• Benefits
– Systematic approach
– Repeatable
– Set...
Copyright © 2014 Rochester Institute of Technology
TechComm 101
• “We explain things” (R. J. Lippincott,
Intercom)
• Chara...
Copyright © 2014 Rochester Institute of Technology
RIT IMPLEMENTATION
Copyright © 2014 Rochester Institute of Technology
Digital Self Defense Goals
• Inform the entire population about threats...
Copyright © 2014 Rochester Institute of Technology
Challenges
• Multiple audiences
• Messaging overload
• 30% annual turno...
Copyright © 2014 Rochester Institute of Technology
Security Awareness Plan
• Components
– Audience analysis
– Key messages...
Copyright © 2014 Rochester Institute of Technology
Target Audiences
Copyright © 2014 Rochester Institute of Technology
Strategies
• Consistent outreach
• Creative/fun deliverables
• New comm...
Copyright © 2014 Rochester Institute of Technology
Key Message
• Short and Simple
Copyright © 2014 Rochester Institute of Technology
Calendar of Promotions
Copyright © 2014 Rochester Institute of Technology
Monthly Topics
Month Topic
June, July, August Pre-Semester, Start of Se...
Copyright © 2014 Rochester Institute of Technology
Pre-Semester/Start of Semester
Copyright © 2014 Rochester Institute of Technology
Communications Channels
• What’s the best vehicle?
Copyright © 2014 Rochester Institute of Technology
Develop Relationships
Copyright © 2014 Rochester Institute of Technology
RIT Infosec Website
Copyright © 2014 Rochester Institute of Technology
RIT Social Media
Copyright © 2014 Rochester Institute of Technology
Posters
Copyright © 2014 Rochester Institute of Technology
Go Phish
https://www.pinterest.com/ritinfosec/playing-cards-by-rit-info...
Copyright © 2014 Rochester Institute of Technology
Alerts and Advisories
• Message Center
Portal/email
• Ad hoc
• ~20 per ...
Copyright © 2014 Rochester Institute of Technology
Move-in
Copyright © 2014 Rochester Institute of Technology
New Student Orientation
Copyright © 2014 Rochester Institute of Technology
Lightning Talks
• Six minute presentations
• Slides move every 18 secon...
Copyright © 2014 Rochester Institute of Technology
DSD Lightning Talk
• https://www.youtube.com/watch?v=-Yo8TV-ZLbE
Copyright © 2014 Rochester Institute of Technology
In Development
• Cyber Hero employee recognition program
• Phishing exe...
Copyright © 2014 Rochester Institute of Technology
SUCCESS?
Copyright © 2014 Rochester Institute of Technology
Evaluation Tools
• Internal survey tool (in development)
– Fall baselin...
Copyright © 2014 Rochester Institute of Technology
Social Media Evaluation
Copyright © 2014 Rochester Institute of Technology
External Evaluations
• Use with care
• Kred (2013)
– Influence (trust)
...
Copyright © 2014 Rochester Institute of Technology
Evaluate and Make
Mid-Course Corrections
• You will make mistakes
• Don...
Copyright © 2014 Rochester Institute of Technology
Key Success Factors
• What’s in it for them?
• Relevant at home as well...
Copyright © 2014 Rochester Institute of Technology
Resources
• EDUCAUSE
– Cybersecurity Awareness Resource Library
– Secur...
Copyright © 2014 Rochester Institute of Technology
Contact Me
Ben Woelk
Ben.woelk@gmail.com; ben.woelk@rit.edu
Benwoelk.co...
Copyright © 2014 Rochester Institute of Technology
DISCUSSION
Upcoming SlideShare
Loading in …5
×

Digital Self Defense at RIT

428 views

Published on

Exploration of the Digital Self Defense Security Awareness program at the Rochester Institute of Technology. Delivered at the Rochester Security Summit, October 2015.

Published in: Business
  • Be the first to comment

Digital Self Defense at RIT

  1. 1. Rochester Security Summit Ben Woelk, CISSP ISO Program Manager Rochester Institute of Technology
  2. 2. Copyright © 2014 Rochester Institute of Technology Presentation Overview • Background • Communications Plan Basics • RIT Implementation • Success? • Discussion
  3. 3. Copyright © 2014 Rochester Institute of Technology BACKGROUND
  4. 4. Copyright © 2014 Rochester Institute of Technology My Background • Corporate • Higher Education – ISO Office – Adjunct • Techcomm • Computing Security
  5. 5. Copyright © 2014 Rochester Institute of Technology Rochester Institute of Technology • RIT Environment – 18,500 students – 3,500 faculty and staff – International Locations – ~40,000+ systems on the network at any given time – Very skilled IT security students
  6. 6. Copyright © 2014 Rochester Institute of Technology RIT Information Security • RIT ISO – 3 full time • Information Security Officer • Program Manager • Sr. Forensics Investigator – 1-4 student employees • Mix of coop and part- time • Risk Management, not Information Technology
  7. 7. Copyright © 2014 Rochester Institute of Technology COMMUNICATIONS PLAN BASICS
  8. 8. Copyright © 2014 Rochester Institute of Technology Communications Plan • Benefits – Systematic approach – Repeatable – Set and achieve goals – Be proactive – Be strategy driven, not event driven – Strategic plan drives marketing/communications plan
  9. 9. Copyright © 2014 Rochester Institute of Technology TechComm 101 • “We explain things” (R. J. Lippincott, Intercom) • Characteristics – Interactive and adaptable – Reader centered • Personas – Contextualized – Concise – Visual – Cross cultural
  10. 10. Copyright © 2014 Rochester Institute of Technology RIT IMPLEMENTATION
  11. 11. Copyright © 2014 Rochester Institute of Technology Digital Self Defense Goals • Inform the entire population about threats. • Educate new members of the RIT community on Information Security topics. • Maintain current information outputs and engagement on Information Security topics. • Create new avenues for communication to expand awareness of Information Security office. • Inform community of new Infosec initiatives
  12. 12. Copyright © 2014 Rochester Institute of Technology Challenges • Multiple audiences • Messaging overload • 30% annual turnover • What, me worry? • Dry/technical subject
  13. 13. Copyright © 2014 Rochester Institute of Technology Security Awareness Plan • Components – Audience analysis – Key messages – Communications channels – Calendar of promotions – Develop relationships
  14. 14. Copyright © 2014 Rochester Institute of Technology Target Audiences
  15. 15. Copyright © 2014 Rochester Institute of Technology Strategies • Consistent outreach • Creative/fun deliverables • New communication channels • “What’s in it for me?” fulfillment – Emphasizing home use – Easy-to-implement best practices – Consequences of non-compliance – Interactive elements
  16. 16. Copyright © 2014 Rochester Institute of Technology Key Message • Short and Simple
  17. 17. Copyright © 2014 Rochester Institute of Technology Calendar of Promotions
  18. 18. Copyright © 2014 Rochester Institute of Technology Monthly Topics Month Topic June, July, August Pre-Semester, Start of Semester September New Students, New Semester, New Threats October Cyber Security Awareness Month November No Click November December Scams and Hoaxes January Data Privacy Month February Ph(F)ebruary Phish March Mobile Device Madness April Spring Cleaning May Graduating to Good Passwords
  19. 19. Copyright © 2014 Rochester Institute of Technology Pre-Semester/Start of Semester
  20. 20. Copyright © 2014 Rochester Institute of Technology Communications Channels • What’s the best vehicle?
  21. 21. Copyright © 2014 Rochester Institute of Technology Develop Relationships
  22. 22. Copyright © 2014 Rochester Institute of Technology RIT Infosec Website
  23. 23. Copyright © 2014 Rochester Institute of Technology RIT Social Media
  24. 24. Copyright © 2014 Rochester Institute of Technology Posters
  25. 25. Copyright © 2014 Rochester Institute of Technology Go Phish https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
  26. 26. Copyright © 2014 Rochester Institute of Technology Alerts and Advisories • Message Center Portal/email • Ad hoc • ~20 per academic year
  27. 27. Copyright © 2014 Rochester Institute of Technology Move-in
  28. 28. Copyright © 2014 Rochester Institute of Technology New Student Orientation
  29. 29. Copyright © 2014 Rochester Institute of Technology Lightning Talks • Six minute presentations • Slides move every 18 seconds • Topics – Online reputation management – Illegal file sharing – Safe use of social media – Securing mobile devices
  30. 30. Copyright © 2014 Rochester Institute of Technology DSD Lightning Talk • https://www.youtube.com/watch?v=-Yo8TV-ZLbE
  31. 31. Copyright © 2014 Rochester Institute of Technology In Development • Cyber Hero employee recognition program • Phishing exercises
  32. 32. Copyright © 2014 Rochester Institute of Technology SUCCESS?
  33. 33. Copyright © 2014 Rochester Institute of Technology Evaluation Tools • Internal survey tool (in development) – Fall baseline – Spring progress
  34. 34. Copyright © 2014 Rochester Institute of Technology Social Media Evaluation
  35. 35. Copyright © 2014 Rochester Institute of Technology External Evaluations • Use with care • Kred (2013) – Influence (trust) – Outreach (propensity to share) • Klout (2009) – Perceived social influence
  36. 36. Copyright © 2014 Rochester Institute of Technology Evaluate and Make Mid-Course Corrections • You will make mistakes • Don’t be afraid to make a change • Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan
  37. 37. Copyright © 2014 Rochester Institute of Technology Key Success Factors • What’s in it for them? • Relevant at home as well as at work • Reach them where they are
  38. 38. Copyright © 2014 Rochester Institute of Technology Resources • EDUCAUSE – Cybersecurity Awareness Resource Library – Security Awareness Quick Start and Advanced Guides • W. K. Kellogg Foundation Template for Strategic Communications Plan • Richard Johnson-Sheehan Technical Communication Today • Society for Technical Communication
  39. 39. Copyright © 2014 Rochester Institute of Technology Contact Me Ben Woelk Ben.woelk@gmail.com; ben.woelk@rit.edu Benwoelk.com @benwoelk www.linkedin.com/in/benwoelk/
  40. 40. Copyright © 2014 Rochester Institute of Technology DISCUSSION

×