SlideShare a Scribd company logo

We're All Winners--Gamification and Security Awareness

Download as PPTX, PDF
Ben Woelk, CISSP, CPTC
Ben Woelk, CISSP, CPTC

Many experts agree that engaged learners have better retention. Security Awareness programs are often seen only in the context of the information we provide to our audiences. Annual compliance training may not lead to changed behavior. What can we do differently? What does gamification mean for security awareness training and communication. The presenter will discuss opportunities to introduce gamification into security awareness activities. He'll share from specific gamification initiatives undertaken at the Rochester Institute of Technology to increase user awareness. These activities include the development of a Digital Self Defense Dojo, an escape room, and positively-reinforced simulated phishing exercises.

Education
1 of 35
© 2019 Ben Woelk https://youtu.be/cRTaksvIpUg
© 2019 Ben Woelk What is Gamification?
© 2019 Ben Woelk Why Gamify Security Awareness?
© 2019 Ben Woelk Changing the Culture Build strong roots
© 2019 Ben Woelk Build on Foundation •DSD classes •Monthly topics •Social media •Leverage events
© 2019 Ben Woelk Inspiration
© 2019 Ben Woelk DSD Dojo
© 2019 Ben Woelk Digital Self Defense (DSD) Dojo
© 2019 Ben Woelk Dojo Goals •Socialize best practices •Increase training participation
© 2019 Ben Woelk Structure •Badges and Belts •Website •Physical Badges •Gift Cards
© 2019 Ben Woelk
© 2019 Ben Woelk Escape Room
© 2019 Ben Woelk Goals •Leverage escape room popularity •Educate about phishing •Educate about passphrases
© 2019 Ben Woelk Structure •Portable •7 Puzzles •Various locks •USB drive •Fishing game •Email samples
© 2019 Ben Woelk Self Phishing
© 2019 Ben Woelk  Improve end user recognition of phishes  Improve timeliness of reporting  Improve baseline detection rate by 25% • For example, 70% detection rate to 87.5%, NOT 70% to 95% Goals
© 2019 Ben Woelk Guiding Principles  Self Phishing  Positive Experience  Non punitive  Anonymized results 18
© 2019 Ben Woelk
© 2019 Ben Woelk Phish Handling Communications
© 2019 Ben Woelk PhishBowl
© 2019 Ben Woelk Phishing Program Structure  Initial Announcement  Division/Department  3 and 1  Follow up presentations
© 2019 Ben Woelk Reporting Results • Ignored • Reported • Reported in First Minute 2018 12 Delivery 2018 12 File 2018 12 Maintena nce 2019 02 Order 2019 03 Credit 2019 03 Gloogle Doc All 2019 03 Quarentin e 2019 04 Red Light ALL 2019 05 Office 365 Invoice ALL 2019 06 Mailbox Full All 2019 07 Ransomw are All F&A Average Ignored 94% 100% 99% 92% 97% 99% 99% 96% 94% 91% 99% 91% Reported 18% 24% 19% 35% 35% 12% 25% 36% 8% 30% 4% 14% Reported in First Minute 14% 18% 12% 16% 14% 12% 10% 10% 8% 11% 4% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Phishing (by template) Ignored Reported Reported in First Minute
© 2019 Ben Woelk Phish First-minute reports First-minute report rate Reported Report Rate Ignored Ignore Rate 2019 03 Credit 15 14% 37 35% 102 97% 2019 03 Gloogle Doc All 12 12% 12 12% 101 99% 2019 03 Quarantine 10 10% 26 25% 104 99% Sample Department Results
© 2019 Ben Woelk
© 2019 Ben Woelk New Student Orientation
© 2019 Ben Woelk
© 2019 Ben Woelk and…
© 2019 Ben Woelk
© 2019 Ben Woelk Snapchat Filters and Geofencing
© 2019 Ben Woelk
© 2019 Ben Woelk Discussion •Should you gamify? •What would you gamify? •What would you not gamify?
© 2019 Ben Woelk Ben.woelk@rit.edu www.rit.edu/Security 34
© 2019 Ben Woelk References• Jessica Barker, "The Human Nature of Cybersecurity," EDUCAUSE Review, May 20, 2019. • Julianne Basinger, A Campus Culture of Cybersecurity, (Washington DC: The Chronicle of Higher Education, 2019). • Valerie Vogel, "Security Awareness Made Simple: 2019 Security Awareness Campaign Materials," Security Matters (blog), EDUCAUSE Review, December 17, 2018. • Ben Woelk, "Building a Culture of Digital Self Defense," Security Matters (blog), EDUCAUSE Review, September 20, 2016. • Ben Woelk, “Wind, Trees, and Security Awareness" Security Matters (blog), EDUCAUSE Review, September 13, 2019.

Recommended

My First and Next Nonprofit Video
My First and Next Nonprofit VideoMy First and Next Nonprofit Video
My First and Next Nonprofit Video
Brian Oster
 
Turning Parents into Partners SLIDES
Turning Parents into Partners SLIDESTurning Parents into Partners SLIDES
Turning Parents into Partners SLIDES
Anthony Prince
 
How The Platform Model is Transforming Retail
How The Platform Model is Transforming RetailHow The Platform Model is Transforming Retail
How The Platform Model is Transforming Retail
Clémence Pierunek
 
#Vi donate pdf
#Vi donate pdf#Vi donate pdf
#Vi donate pdf
EverTrue
 
Free Webinar: How YOU Can Create Videos for Your Website
Free Webinar: How YOU Can Create Videos for Your WebsiteFree Webinar: How YOU Can Create Videos for Your Website
Free Webinar: How YOU Can Create Videos for Your Website
June Bachman
 
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
Tim Sarrantonio
 
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
AppFolio
 
Rally Webinar: Creative Seasonal Hiring Strategies
Rally Webinar: Creative Seasonal Hiring StrategiesRally Webinar: Creative Seasonal Hiring Strategies
Rally Webinar: Creative Seasonal Hiring Strategies
Rally Recruitment Marketing
 

Recommended

My First and Next Nonprofit Video
My First and Next Nonprofit VideoMy First and Next Nonprofit Video
My First and Next Nonprofit Video
Brian Oster
 
Turning Parents into Partners SLIDES
Turning Parents into Partners SLIDESTurning Parents into Partners SLIDES
Turning Parents into Partners SLIDES
Anthony Prince
 
How The Platform Model is Transforming Retail
How The Platform Model is Transforming RetailHow The Platform Model is Transforming Retail
How The Platform Model is Transforming Retail
Clémence Pierunek
 
#Vi donate pdf
#Vi donate pdf#Vi donate pdf
#Vi donate pdf
EverTrue
 
Free Webinar: How YOU Can Create Videos for Your Website
Free Webinar: How YOU Can Create Videos for Your WebsiteFree Webinar: How YOU Can Create Videos for Your Website
Free Webinar: How YOU Can Create Videos for Your Website
June Bachman
 
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
NetSquared Tech Valley - Digital Engagement in the age of FaceTime, SnapChat,...
Tim Sarrantonio
 
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
"Tips to Soar This Leasing Season" featuring Amy Kosnikowshi
AppFolio
 
Rally Webinar: Creative Seasonal Hiring Strategies
Rally Webinar: Creative Seasonal Hiring StrategiesRally Webinar: Creative Seasonal Hiring Strategies
Rally Webinar: Creative Seasonal Hiring Strategies
Rally Recruitment Marketing
 
Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
Ben Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Ben Woelk, CISSP, CPTC
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
Ben Woelk, CISSP, CPTC
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
Ben Woelk, CISSP, CPTC
 
Building a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBuilding a Culture of Digital Self Defense
Building a Culture of Digital Self Defense
Ben Woelk, CISSP, CPTC
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
Ben Woelk, CISSP, CPTC
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
Ben Woelk, CISSP, CPTC
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
Ben Woelk, CISSP, CPTC
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
Ben Woelk, CISSP, CPTC
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
Ben Woelk, CISSP, CPTC
 
Digital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminarDigital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminar
Ben Woelk, CISSP, CPTC
 
Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
Ben Woelk, CISSP, CPTC
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
Ben Woelk, CISSP, CPTC
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
Ben Woelk, CISSP, CPTC
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
Ben Woelk, CISSP, CPTC
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
Ben Woelk, CISSP, CPTC
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
Ben Woelk, CISSP, CPTC
 
A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14
Ben Woelk, CISSP, CPTC
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
httgc7rh9c
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
Elizabeth Walsh
 

More Related Content

More from Ben Woelk, CISSP, CPTC

The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
Ben Woelk, CISSP, CPTC
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
Ben Woelk, CISSP, CPTC
 

More from Ben Woelk, CISSP, CPTC (20)

Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
 
Building a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBuilding a Culture of Digital Self Defense
Building a Culture of Digital Self Defense
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
 
Digital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminarDigital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminar
 
Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
 
A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14
 

Recently uploaded

QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
httgc7rh9c
 

Recently uploaded (20)

QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Our Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdfOur Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdf
 
Introduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use CasesIntroduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use Cases
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 

We're All Winners--Gamification and Security Awareness

  • 1.
  • 2. © 2019 Ben Woelk https://youtu.be/cRTaksvIpUg
  • 3. © 2019 Ben Woelk What is Gamification?
  • 4. © 2019 Ben Woelk Why Gamify Security Awareness?
  • 5. © 2019 Ben Woelk Changing the Culture Build strong roots
  • 6. © 2019 Ben Woelk Build on Foundation •DSD classes •Monthly topics •Social media •Leverage events
  • 7. © 2019 Ben Woelk Inspiration
  • 8. © 2019 Ben Woelk DSD Dojo
  • 9. © 2019 Ben Woelk Digital Self Defense (DSD) Dojo
  • 10. © 2019 Ben Woelk Dojo Goals •Socialize best practices •Increase training participation
  • 11. © 2019 Ben Woelk Structure •Badges and Belts •Website •Physical Badges •Gift Cards
  • 12. © 2019 Ben Woelk
  • 13. © 2019 Ben Woelk Escape Room
  • 14. © 2019 Ben Woelk Goals •Leverage escape room popularity •Educate about phishing •Educate about passphrases
  • 15. © 2019 Ben Woelk Structure •Portable •7 Puzzles •Various locks •USB drive •Fishing game •Email samples
  • 16. © 2019 Ben Woelk Self Phishing
  • 17. © 2019 Ben Woelk  Improve end user recognition of phishes  Improve timeliness of reporting  Improve baseline detection rate by 25% • For example, 70% detection rate to 87.5%, NOT 70% to 95% Goals
  • 18. © 2019 Ben Woelk Guiding Principles  Self Phishing  Positive Experience  Non punitive  Anonymized results 18
  • 19. © 2019 Ben Woelk
  • 20. © 2019 Ben Woelk Phish Handling Communications
  • 21. © 2019 Ben Woelk PhishBowl
  • 22. © 2019 Ben Woelk Phishing Program Structure  Initial Announcement  Division/Department  3 and 1  Follow up presentations
  • 23. © 2019 Ben Woelk Reporting Results • Ignored • Reported • Reported in First Minute 2018 12 Delivery 2018 12 File 2018 12 Maintena nce 2019 02 Order 2019 03 Credit 2019 03 Gloogle Doc All 2019 03 Quarentin e 2019 04 Red Light ALL 2019 05 Office 365 Invoice ALL 2019 06 Mailbox Full All 2019 07 Ransomw are All F&A Average Ignored 94% 100% 99% 92% 97% 99% 99% 96% 94% 91% 99% 91% Reported 18% 24% 19% 35% 35% 12% 25% 36% 8% 30% 4% 14% Reported in First Minute 14% 18% 12% 16% 14% 12% 10% 10% 8% 11% 4% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Phishing (by template) Ignored Reported Reported in First Minute
  • 24. © 2019 Ben Woelk Phish First-minute reports First-minute report rate Reported Report Rate Ignored Ignore Rate 2019 03 Credit 15 14% 37 35% 102 97% 2019 03 Gloogle Doc All 12 12% 12 12% 101 99% 2019 03 Quarantine 10 10% 26 25% 104 99% Sample Department Results
  • 25. © 2019 Ben Woelk
  • 26. © 2019 Ben Woelk New Student Orientation
  • 27. © 2019 Ben Woelk
  • 28. © 2019 Ben Woelk and…
  • 29.
  • 30. © 2019 Ben Woelk
  • 31. © 2019 Ben Woelk Snapchat Filters and Geofencing
  • 32. © 2019 Ben Woelk
  • 33. © 2019 Ben Woelk Discussion •Should you gamify? •What would you gamify? •What would you not gamify?
  • 34. © 2019 Ben Woelk Ben.woelk@rit.edu www.rit.edu/Security 34
  • 35. © 2019 Ben Woelk References• Jessica Barker, "The Human Nature of Cybersecurity," EDUCAUSE Review, May 20, 2019. • Julianne Basinger, A Campus Culture of Cybersecurity, (Washington DC: The Chronicle of Higher Education, 2019). • Valerie Vogel, "Security Awareness Made Simple: 2019 Security Awareness Campaign Materials," Security Matters (blog), EDUCAUSE Review, December 17, 2018. • Ben Woelk, "Building a Culture of Digital Self Defense," Security Matters (blog), EDUCAUSE Review, September 20, 2016. • Ben Woelk, “Wind, Trees, and Security Awareness" Security Matters (blog), EDUCAUSE Review, September 13, 2019.

Editor's Notes

  1. https://youtu.be/cRTaksvIpUg
  2. the application of typical elements of game playing (e.g. point scoring, competition with others, rules of play) to other areas of activity, typically as an online marketing technique to encourage engagement with a product or service
  3. programmatic approach  not enough to communicate only about specific cyberattacks (gusts) as they occur