SlideShare a Scribd company logo
1 of 43
Download to read offline
Rochester IIA & ISACA IT Audit Seminar
December 10, 2015
Ben Woelk, CISSP
ISO Program Manager
Rochester Institute of Technology
Copyright © 2015 Rochester Institute of Technology
Presentation Overview
• Background
• Communications Plan Basics
• RIT Implementation
• Success?
• Discussion
Copyright © 2014 Rochester Institute of Technology
BACKGROUND
Copyright © 2015 Rochester Institute of Technology
My Background
• Corporate
• Higher Education
– ISO Office
– Adjunct
• Techcomm
• Computing Security
Copyright © 2014 Rochester Institute of Technology
Rochester Institute of Technology
• RIT Environment
– 18,500 students
– 3,500 faculty and
staff
– International
Locations
– ~40,000+ systems on
the network at any
given time
– Very skilled IT
security students
Copyright © 2014 Rochester Institute of Technology
RIT Information Security
• RIT ISO
– 3 full time
• Information Security
Officer
• Program Manager
• Sr. Forensics
Investigator
– 1-4 student employees
• Mix of coop and part-
time
• Risk Management,
not Information
Technology
Copyright © 2014 Rochester Institute of Technology
COMMUNICATIONS PLAN
BASICS
Copyright © 2015 Rochester Institute of Technology
Communications Plan
• Benefits
– Systematic approach
– Repeatable
– Set and achieve goals
– Be proactive
– Be strategy driven, not event driven
– Strategic plan drives marketing/communications
plan
Copyright © 2015 Rochester Institute of Technology
TechComm 101
• “We explain things” (R. J. Lippincott,
Intercom)
• Characteristics
– Interactive and adaptable
– Reader centered
• Personas
– Contextualized
– Concise
– Visual
– Cross cultural
Copyright © 2014 Rochester Institute of Technology
RIT IMPLEMENTATION
Copyright © 2015 Rochester Institute of Technology
Digital Self Defense Goals
• Inform the entire population about threats.
• Educate new members of the RIT community
on Information Security topics.
• Maintain current information outputs and
engagement on Information Security topics.
• Create new avenues for communication to
expand awareness of Information Security
office.
• Inform community of new Infosec initiatives
Copyright © 2015 Rochester Institute of Technology
Challenges
• Multiple audiences
• Messaging overload
• 30% annual turnover
• What, me worry?
• Dry/technical subject
Copyright © 2015 Rochester Institute of Technology
Security Awareness Plan
• Components
– Audience analysis
– Key messages
– Communications channels
– Calendar of promotions
– Develop relationships
Copyright © 2015 Rochester Institute of Technology
Target Audiences
Copyright © 2015 Rochester Institute of Technology
Strategies
• Consistent outreach
• Creative/fun deliverables
• New communication channels
• “What’s in it for me?” fulfillment
– Emphasizing home use
– Easy-to-implement best practices
– Consequences of non-compliance
– Interactive elements
Copyright © 2015 Rochester Institute of Technology
Key Message
• Short and Simple
Copyright © 2015 Rochester Institute of Technology
Calendar of Promotions
Copyright © 2015 Rochester Institute of Technology
Monthly Topics
Month Topic
June, July, August Pre-Semester, Start of Semester
September New Students, New Semester, New Threats
October Cyber Security Awareness Month
November No Click November
December Scams and Hoaxes
January Data Privacy Month
February Ph(F)ebruary Phish
March Mobile Device Madness
April Spring Cleaning
May Graduating to Good Passwords
Copyright © 2015 Rochester Institute of Technology
Pre-Semester/Start of Semester
Copyright © 2015 Rochester Institute of Technology
Communications Channels
• What’s the best vehicle?
Copyright © 2015 Rochester Institute of Technology
Develop Relationships
Copyright © 2015 Rochester Institute of Technology
RIT Infosec Website
Copyright © 2015 Rochester Institute of Technology
RIT Social Media
Copyright © 2015 Rochester Institute of Technology
Posters
Copyright © 2015 Rochester Institute of Technology
Go Phish
https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
Copyright © 2014 Rochester Institute of Technology
Alerts and Advisories
• Message Center
Portal/email
• Ad hoc
• ~20 per academic
year
Copyright © 2014 Rochester Institute of Technology
Move-in
Copyright © 2015 Rochester Institute of Technology
New Student Orientation
Copyright © 2015 Rochester Institute of Technology
Lightning Talks
• Six minute presentations
• Slides move every 18 seconds
• Topics
– Online reputation management
– Illegal file sharing
– Safe use of social media
– Securing mobile devices
Copyright © 2015 Rochester Institute of Technology
DSD Lightning Talk
• https://www.youtube.com/watch?v=-Yo8TV-ZLbE
Copyright © 2015 Rochester Institute of Technology
New vehicles this fall
• Bus posters
• Employee Benefits Fair
• RIT Information Security
Field Guide to Identifying
Phishing and Scams
Copyright © 2015 Rochester Institute of Technology
DSD 101 classes
• Tips, Tricks, and Best Practices for staying
safe online
– Monthly
– Departmental presentations
Copyright © 2015 Rochester Institute of Technology
RIT Digital Self Defense Team
• Launched 11/11/15
– Using internal survey tool to collect metrics and
recruit team members
– 535 survey participants; 206 joined DSD Team
Copyright © 2015 Rochester Institute of Technology
In Development
• Phishing exercises
Copyright © 2014 Rochester Institute of Technology
SUCCESS?
Copyright © 2015 Rochester Institute of Technology
Evaluation Tools
• Internal survey tool
– Fall baseline (open now)
– Spring progress
Copyright © 2015 Rochester Institute of Technology
Social Media Evaluation
Copyright © 2015 Rochester Institute of Technology
External Evaluations
• Use with care
• Kred (2013)
– Influence (trust)
– Outreach (propensity to share)
• Klout (2009)
– Perceived social influence
Copyright © 2015 Rochester Institute of Technology
Evaluate and Make
Mid-Course Corrections
• You will make mistakes
• Don’t be afraid to make a change
• Did it make a difference?
• Ways to evaluate
– Surveys
– Analytics
From austinevan
Copyright © 2015 Rochester Institute of Technology
Key Success Factors
• What’s in it for them?
• Relevant at home as well as at work
• Reach them where they are
Copyright © 2015 Rochester Institute of Technology
Resources
• EDUCAUSE
– Cybersecurity Awareness Resource Library
– Security Awareness Quick Start and Advanced
Guides
• W. K. Kellogg Foundation Template for
Strategic Communications Plan
• Richard Johnson-Sheehan Technical
Communication Today
• Society for Technical Communication
Copyright © 2015 Rochester Institute of Technology
Contact Me
Ben Woelk
Ben.woelk@gmail.com; ben.woelk@rit.edu
Benwoelk.com
@benwoelk
www.linkedin.com/in/benwoelk/
Copyright © 2014 Rochester Institute of Technology
DISCUSSION

More Related Content

Similar to Digital self defense iia isaca it audit seminar

The Course Implementation
The Course ImplementationThe Course Implementation
The Course ImplementationLeia Jackson
 
Controlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM GovernanceControlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM GovernanceCherwell Software
 
Tools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In SchoolsTools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In Schoolsfridayinstitute
 
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONCo-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONJoyce Lu
 
[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the JourneyWSO2
 
Et5083 module 3 application ppt
Et5083 module 3 application pptEt5083 module 3 application ppt
Et5083 module 3 application pptswahl123
 
2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in ReviewJamie Seger
 
Introduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter dataIntroduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter dataDr Wasim Ahmed
 
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...SURF Events
 
FDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdfFDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdfgurukhade1
 
Transforming student engagement using mobile technology
Transforming student engagement using mobile technologyTransforming student engagement using mobile technology
Transforming student engagement using mobile technologyCapita FHE
 
How to Build a Learning Tech Stack
How to Build a Learning Tech StackHow to Build a Learning Tech Stack
How to Build a Learning Tech StackWatershed
 
NUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information SessionNUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information Sessionengtsze
 
PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)Michael Dobe, Ph.D.
 
Learning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 MeetingLearning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 MeetingJames Little
 
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG
 
Management of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologiesManagement of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologiesGiovanni Marconato
 

Similar to Digital self defense iia isaca it audit seminar (20)

UNYCC Information Security Discussion
UNYCC Information Security DiscussionUNYCC Information Security Discussion
UNYCC Information Security Discussion
 
The Course Implementation
The Course ImplementationThe Course Implementation
The Course Implementation
 
Controlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM GovernanceControlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM Governance
 
Tools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In SchoolsTools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In Schools
 
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONCo-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSION
 
[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey
 
Et5083 module 3 application ppt
Et5083 module 3 application pptEt5083 module 3 application ppt
Et5083 module 3 application ppt
 
2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review
 
Introduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter dataIntroduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter data
 
Online education in the field of Responsible Education
Online education in the field of Responsible EducationOnline education in the field of Responsible Education
Online education in the field of Responsible Education
 
GR Techincal Resume
GR Techincal ResumeGR Techincal Resume
GR Techincal Resume
 
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
 
FDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdfFDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdf
 
Transforming student engagement using mobile technology
Transforming student engagement using mobile technologyTransforming student engagement using mobile technology
Transforming student engagement using mobile technology
 
How to Build a Learning Tech Stack
How to Build a Learning Tech StackHow to Build a Learning Tech Stack
How to Build a Learning Tech Stack
 
NUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information SessionNUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information Session
 
PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)
 
Learning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 MeetingLearning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 Meeting
 
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
 
Management of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologiesManagement of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologies
 

More from Ben Woelk, CISSP, CPTC

Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceBen Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxBen Woelk, CISSP, CPTC
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesBen Woelk, CISSP, CPTC
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesBen Woelk, CISSP, CPTC
 
We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessBen Woelk, CISSP, CPTC
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessBen Woelk, CISSP, CPTC
 
Building a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBuilding a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBen Woelk, CISSP, CPTC
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipBen Woelk, CISSP, CPTC
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18Ben Woelk, CISSP, CPTC
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityBen Woelk, CISSP, CPTC
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsBen Woelk, CISSP, CPTC
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsBen Woelk, CISSP, CPTC
 
Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)Ben Woelk, CISSP, CPTC
 
Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader Ben Woelk, CISSP, CPTC
 

More from Ben Woelk, CISSP, CPTC (20)

Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
 
We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security Awareness
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
 
Building a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBuilding a Culture of Digital Self Defense
Building a Culture of Digital Self Defense
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
 
A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14
 
A Techcomm Bestiary Spectrum14
A Techcomm Bestiary Spectrum14A Techcomm Bestiary Spectrum14
A Techcomm Bestiary Spectrum14
 
Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)
 
Security Awareness at RIT 2012-2013
Security Awareness at RIT 2012-2013Security Awareness at RIT 2012-2013
Security Awareness at RIT 2012-2013
 
Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader
 
Bulletproofing Your Career Online
Bulletproofing Your Career OnlineBulletproofing Your Career Online
Bulletproofing Your Career Online
 

Recently uploaded

4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 

Recently uploaded (20)

4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 

Digital self defense iia isaca it audit seminar

  • 1. Rochester IIA & ISACA IT Audit Seminar December 10, 2015 Ben Woelk, CISSP ISO Program Manager Rochester Institute of Technology
  • 2. Copyright © 2015 Rochester Institute of Technology Presentation Overview • Background • Communications Plan Basics • RIT Implementation • Success? • Discussion
  • 3. Copyright © 2014 Rochester Institute of Technology BACKGROUND
  • 4. Copyright © 2015 Rochester Institute of Technology My Background • Corporate • Higher Education – ISO Office – Adjunct • Techcomm • Computing Security
  • 5. Copyright © 2014 Rochester Institute of Technology Rochester Institute of Technology • RIT Environment – 18,500 students – 3,500 faculty and staff – International Locations – ~40,000+ systems on the network at any given time – Very skilled IT security students
  • 6. Copyright © 2014 Rochester Institute of Technology RIT Information Security • RIT ISO – 3 full time • Information Security Officer • Program Manager • Sr. Forensics Investigator – 1-4 student employees • Mix of coop and part- time • Risk Management, not Information Technology
  • 7. Copyright © 2014 Rochester Institute of Technology COMMUNICATIONS PLAN BASICS
  • 8. Copyright © 2015 Rochester Institute of Technology Communications Plan • Benefits – Systematic approach – Repeatable – Set and achieve goals – Be proactive – Be strategy driven, not event driven – Strategic plan drives marketing/communications plan
  • 9. Copyright © 2015 Rochester Institute of Technology TechComm 101 • “We explain things” (R. J. Lippincott, Intercom) • Characteristics – Interactive and adaptable – Reader centered • Personas – Contextualized – Concise – Visual – Cross cultural
  • 10. Copyright © 2014 Rochester Institute of Technology RIT IMPLEMENTATION
  • 11. Copyright © 2015 Rochester Institute of Technology Digital Self Defense Goals • Inform the entire population about threats. • Educate new members of the RIT community on Information Security topics. • Maintain current information outputs and engagement on Information Security topics. • Create new avenues for communication to expand awareness of Information Security office. • Inform community of new Infosec initiatives
  • 12. Copyright © 2015 Rochester Institute of Technology Challenges • Multiple audiences • Messaging overload • 30% annual turnover • What, me worry? • Dry/technical subject
  • 13. Copyright © 2015 Rochester Institute of Technology Security Awareness Plan • Components – Audience analysis – Key messages – Communications channels – Calendar of promotions – Develop relationships
  • 14. Copyright © 2015 Rochester Institute of Technology Target Audiences
  • 15. Copyright © 2015 Rochester Institute of Technology Strategies • Consistent outreach • Creative/fun deliverables • New communication channels • “What’s in it for me?” fulfillment – Emphasizing home use – Easy-to-implement best practices – Consequences of non-compliance – Interactive elements
  • 16. Copyright © 2015 Rochester Institute of Technology Key Message • Short and Simple
  • 17. Copyright © 2015 Rochester Institute of Technology Calendar of Promotions
  • 18. Copyright © 2015 Rochester Institute of Technology Monthly Topics Month Topic June, July, August Pre-Semester, Start of Semester September New Students, New Semester, New Threats October Cyber Security Awareness Month November No Click November December Scams and Hoaxes January Data Privacy Month February Ph(F)ebruary Phish March Mobile Device Madness April Spring Cleaning May Graduating to Good Passwords
  • 19. Copyright © 2015 Rochester Institute of Technology Pre-Semester/Start of Semester
  • 20. Copyright © 2015 Rochester Institute of Technology Communications Channels • What’s the best vehicle?
  • 21. Copyright © 2015 Rochester Institute of Technology Develop Relationships
  • 22. Copyright © 2015 Rochester Institute of Technology RIT Infosec Website
  • 23. Copyright © 2015 Rochester Institute of Technology RIT Social Media
  • 24. Copyright © 2015 Rochester Institute of Technology Posters
  • 25. Copyright © 2015 Rochester Institute of Technology Go Phish https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
  • 26. Copyright © 2014 Rochester Institute of Technology Alerts and Advisories • Message Center Portal/email • Ad hoc • ~20 per academic year
  • 27. Copyright © 2014 Rochester Institute of Technology Move-in
  • 28. Copyright © 2015 Rochester Institute of Technology New Student Orientation
  • 29. Copyright © 2015 Rochester Institute of Technology Lightning Talks • Six minute presentations • Slides move every 18 seconds • Topics – Online reputation management – Illegal file sharing – Safe use of social media – Securing mobile devices
  • 30. Copyright © 2015 Rochester Institute of Technology DSD Lightning Talk • https://www.youtube.com/watch?v=-Yo8TV-ZLbE
  • 31. Copyright © 2015 Rochester Institute of Technology New vehicles this fall • Bus posters • Employee Benefits Fair • RIT Information Security Field Guide to Identifying Phishing and Scams
  • 32. Copyright © 2015 Rochester Institute of Technology DSD 101 classes • Tips, Tricks, and Best Practices for staying safe online – Monthly – Departmental presentations
  • 33. Copyright © 2015 Rochester Institute of Technology RIT Digital Self Defense Team • Launched 11/11/15 – Using internal survey tool to collect metrics and recruit team members – 535 survey participants; 206 joined DSD Team
  • 34. Copyright © 2015 Rochester Institute of Technology In Development • Phishing exercises
  • 35. Copyright © 2014 Rochester Institute of Technology SUCCESS?
  • 36. Copyright © 2015 Rochester Institute of Technology Evaluation Tools • Internal survey tool – Fall baseline (open now) – Spring progress
  • 37. Copyright © 2015 Rochester Institute of Technology Social Media Evaluation
  • 38. Copyright © 2015 Rochester Institute of Technology External Evaluations • Use with care • Kred (2013) – Influence (trust) – Outreach (propensity to share) • Klout (2009) – Perceived social influence
  • 39. Copyright © 2015 Rochester Institute of Technology Evaluate and Make Mid-Course Corrections • You will make mistakes • Don’t be afraid to make a change • Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan
  • 40. Copyright © 2015 Rochester Institute of Technology Key Success Factors • What’s in it for them? • Relevant at home as well as at work • Reach them where they are
  • 41. Copyright © 2015 Rochester Institute of Technology Resources • EDUCAUSE – Cybersecurity Awareness Resource Library – Security Awareness Quick Start and Advanced Guides • W. K. Kellogg Foundation Template for Strategic Communications Plan • Richard Johnson-Sheehan Technical Communication Today • Society for Technical Communication
  • 42. Copyright © 2015 Rochester Institute of Technology Contact Me Ben Woelk Ben.woelk@gmail.com; ben.woelk@rit.edu Benwoelk.com @benwoelk www.linkedin.com/in/benwoelk/
  • 43. Copyright © 2014 Rochester Institute of Technology DISCUSSION

Editor's Notes

  1. What’s the best vehicle? Paper: Brochures, advertisements Digital: online sites, RSS links to website Social media: Facebook, Twitter, LinkedIn Video: YouTube In person: presentations, information fairs All of the above!