Digital Self Defense IIA ISACA IT Audit Seminar

Presentation of RIT security awareness program

Published in: Technology

  1. Rochester IIA & ISACA IT Audit Seminar, December 10, 2015. Ben Woelk, CISSP, ISO Program Manager, Rochester Institute of Technology
  2. Copyright © 2015 Rochester Institute of Technology Presentation Overview • Background • Communications Plan Basics • RIT Implementation • Success? • Discussion
  3. Copyright © 2014 Rochester Institute of Technology BACKGROUND
  4. My Background • Corporate • Higher Education – ISO Office – Adjunct • Techcomm • Computing Security
  5. Rochester Institute of Technology • RIT Environment – 18,500 students – 3,500 faculty and staff – International Locations – ~40,000+ systems on the network at any given time – Very skilled IT security students
  6. RIT Information Security • RIT ISO – 3 full time • Information Security Officer • Program Manager • Sr. Forensics Investigator – 1-4 student employees • Mix of coop and part-time • Risk Management, not Information Technology
  7. COMMUNICATIONS PLAN BASICS
  8. Communications Plan • Benefits – Systematic approach – Repeatable – Set and achieve goals – Be proactive – Be strategy driven, not event driven – Strategic plan drives marketing/communications plan
  9. TechComm 101 • “We explain things” (R. J. Lippincott, Intercom) • Characteristics – Interactive and adaptable – Reader centered • Personas – Contextualized – Concise – Visual – Cross cultural
  10. RIT IMPLEMENTATION
  11. Digital Self Defense Goals • Inform the entire population about threats. • Educate new members of the RIT community on Information Security topics. • Maintain current information outputs and engagement on Information Security topics. • Create new avenues for communication to expand awareness of Information Security office. • Inform community of new Infosec initiatives
  12. Challenges • Multiple audiences • Messaging overload • 30% annual turnover • What, me worry? • Dry/technical subject
  13. Security Awareness Plan • Components – Audience analysis – Key messages – Communications channels – Calendar of promotions – Develop relationships
  14. Target Audiences
  15. Strategies • Consistent outreach • Creative/fun deliverables • New communication channels • “What’s in it for me?” fulfillment – Emphasizing home use – Easy-to-implement best practices – Consequences of non-compliance – Interactive elements
  16. Key Message • Short and Simple
  17. Calendar of Promotions
  18. Monthly Topics (Month: Topic)
      • June, July, August: Pre-Semester, Start of Semester
      • September: New Students, New Semester, New Threats
      • October: Cyber Security Awareness Month
      • November: No Click November
      • December: Scams and Hoaxes
      • January: Data Privacy Month
      • February: Ph(F)ebruary Phish
      • March: Mobile Device Madness
      • April: Spring Cleaning
      • May: Graduating to Good Passwords
  19. Pre-Semester/Start of Semester
  20. Communications Channels • What’s the best vehicle?
  21. Develop Relationships
  22. RIT Infosec Website
  23. RIT Social Media
  24. Posters
  25. Go Phish https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
  26. Alerts and Advisories • Message Center Portal/email • Ad hoc • ~20 per academic year
  27. Move-in
  28. New Student Orientation
  29. Lightning Talks • Six minute presentations • Slides move every 18 seconds • Topics – Online reputation management – Illegal file sharing – Safe use of social media – Securing mobile devices
  30. DSD Lightning Talk • https://www.youtube.com/watch?v=-Yo8TV-ZLbE
  31. New vehicles this fall • Bus posters • Employee Benefits Fair • RIT Information Security Field Guide to Identifying Phishing and Scams
  32. DSD 101 classes • Tips, Tricks, and Best Practices for staying safe online – Monthly – Departmental presentations
  33. RIT Digital Self Defense Team • Launched 11/11/15 – Using internal survey tool to collect metrics and recruit team members – 535 survey participants; 206 joined DSD Team
  34. In Development • Phishing exercises
  35. SUCCESS?
  36. Evaluation Tools • Internal survey tool – Fall baseline (open now) – Spring progress
  37. Social Media Evaluation
  38. External Evaluations • Use with care • Kred (2013) – Influence (trust) – Outreach (propensity to share) • Klout (2009) – Perceived social influence
  39. Evaluate and Make Mid-Course Corrections • You will make mistakes • Don’t be afraid to make a change • Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan
  40. Key Success Factors • What’s in it for them? • Relevant at home as well as at work • Reach them where they are
  41. Resources • EDUCAUSE – Cybersecurity Awareness Resource Library – Security Awareness Quick Start and Advanced Guides • W. K. Kellogg Foundation Template for Strategic Communications Plan • Richard Johnson-Sheehan Technical Communication Today • Society for Technical Communication
  42. Contact Me Ben Woelk Ben.woelk@gmail.com; ben.woelk@rit.edu Benwoelk.com @benwoelk www.linkedin.com/in/benwoelk/
  43. DISCUSSION