Author Archives: Ben Woelk

New Resources for Security Awareness

Category: Higher Education, Information Security, Infosec Communicator, Internet Safety, Uncategorized

Having trouble with security awareness at your university or college? Need some new ideas? Trying to figure out what to do for National Cyber Security Awareness Month?

The members of the EDUCAUSE Higher Education Information Security Council (HEISC) Awareness and Training Working Group have created some wiki-based resources to help you with your security awareness initiatives.

We’ve created two main resources.

  • The Quick Start Guide (https://wiki.internet2.edu:443/confluence/x/sRpG) provides ideas and resources for launching a security awareness program. Topics range from establishing an Information Security Awareness Program to different techniques and vehicles for “getting the message out.” The Quick Start Guide is useful for both beginning and advanced security awareness programs.
  • The Detailed Instruction Manual (https://wiki.internet2.edu:443/confluence/x/yBpG) provides additional topics around selected security awareness initiatives including campus-specific efforts and tips on communicating specific issues.

Check out these resources. The A&T Working Group is delighted to share their ideas with you and they’re there to help you be successful. They have a wide range of expertise and they believe you’ll find these materials valuable.

Private Information and Portable Devices

Category: Information Security, Infosec Communicator, Internet Safety, mobile device, Privacy, Risk, Uncategorized

Today, I had the privilege of being interviewed by our local YNN cable news about the challenges presented by placing private information on portable devices. A surgeon at the University of Rochester Medical Center had lost a flash drive containing the medical details of around 800 of his patients. The reporter, Anne Lithiluxa, asked me how loss of data could be prevented.

Generally, if you’re going to place private information on a portable device, either the device or the information needs to be encrypted. The likelihood of exposure of private information through the loss of portable devices has increased tremendously lately due to the proliferation of smartphones and their use in accessing corporate email accounts. Good information security practice is always a combination of safe handling practices and technical protections.

However, the bottom line is that people are always the weakest link. Technical protections can always be defeated by poor practices.

Having Fun with Security Awareness–Phishing

Category: Higher Education, Information Security, Infosec Communicator, Social Networking, Uncategorized

Phishy and Ritchie at RIT

The task of creating a culture of information security awareness in higher education can be a daunting one. You may feel as though your efforts are unnoticed and unrewarded. However, one of the really cool things about working in higher ed is that universities and colleges are often willing to share their best practices and even the materials they’ve created. This can ease the burden of coming up with new ideas to help increase user awareness of information security threats.

Over the last couple of years, higher education has seen an increase in phishing attempts known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s Information Technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (Much as we’d like to block all phishing attempts and train our community to recognize and not respond to password requests, someone will always fall for a well-crafted phish.)

Unsure of how to best combat the threat, we formed a team of our best information technology and information thinkers to address the issue. We chose a multi-pronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem.

One of our coop students had worked the previous summer at Yale University and showed us phishing awareness posters that they had created. We received permission from Yale to modify the posters for our own use and began a poster campaign on campus. We decided to go a step beyond.

What better way to draw attention to phishing than having a giant “phish” walk around campus! Phishy was an instant hit. Phishy visited offices around campus and greeted students with cards that reminded them to NEVER respond to requests for their passwords. Phishy hung around RIT for a week twice during 2009.

Gil Phish at Yale

This fall, Yale leveraged our Phishy idea. They bought a fish costume and greeted new students at orientation. (They also created a Gil Phish Facebook page with pictures of Gil engaged in behavior that could only be described as sub-crustacean…)

Building off of each other’s successes has enabled both universities to create innovative security awareness programs.

Writing the Next Chapter

Category: Infosec Communicator, Leadchange, STC, STC Rochester, Uncategorized

Change is necessary but change is uncomfortable.

We should ignore the past. We should value the past. We should just do it. We should learn from past efforts. Do we dash forward, make our mistakes and sort things out as we go? Do we assess the path forward and move carefully down it? How strong should our sense of urgency be? How fast can and should we move forward? How do we mold individual desires into a shared vision?

We need to attract new members. We want to retain existing members. We have many senior members who have contributed faithfully to STC Rochester. We have new members who may not know our past but who are willing to pour themselves into redefining our organization and positioning ourselves for the future.

These are some of the issues we face as the council charged with stewarding the Rochester Chapter of the Society for Technical Communication. We are a chapter with a long history of excellence. It’s time to write the next chapter.

I’m trying to find a path that allows us to retain the distinctiveness of what has made us STC Rochester while moving to a model that is sustainable and will foster growth. Part of this path forward includes implementing a marketing strategy. We’ve received our marketing plan from Neil Hair’s RIT Marketing Concepts class. The plan identifies key opportunities and strategies for growth. We’ve set up a subgroup to study the plan and bring forward recommendations to our October council meeting.

Our kickoff meeting is September 21st. We’re inviting prospective members and want to be sure we can articulate why they should join STC. There is a good bit of angst surrounding this.

We need to remember to have fun.

Why I Value STC Rochester

Category: Infosec Communicator, Leadchange, STC, STC Rochester, Uncategorized

If you’ve been following this blog over the last month (Thank you!), you know I’ve been writing about how our local STC chapter is redefining its value proposition and rethinking how we engage our membership and the community. This blog entry provides a personal view of how STC Rochester is valuable to ME.

Benefits–Why I’m in STC Rochester

  1. The opportunity to network globally with leading technical communications practitioners.
  2. The opportunity to network face-to-face with the local chapter.
  3. Engagement with high level and challenging thinkers in the technical communications profession helps me sharpen my own thinking. Iron sharpens iron.
  4. Opportunities for recognition through tech pubs competitions at local and international levels.
  5. The opportunity to be a change agent, to impact a close circle of fellow practitioners in a positive manner.
  6. The opportunity to help an organization reinvent itself to keep pace with a changing profession and society.
  7. The opportunity to use my skills and knowledge to mentor others and help them advance in the profession.
  8. The opportunity to forge friendships with a great group of people who face similar challenges.
  9. The opportunity to participate in regional and international conferences.
  10. The opportunity to learn.
  11. The joys and challenges of casting a shared vision.
  12. The opportunity to learn and practice servant leadership.

Cost–The flip side

  1. $240 in direct costs for international and chapter membership (subsidized by my employer)
  2. Another $80-100 for different meeting fees, tech comms publication entries, etc.
  3. One evening each month for our admin council
  4. One evening each month for meetings, programs, etc.
  5. One full day for Spectrum, our regional conference
  6. Ten-twenty hours to prepare a presentation at Spectrum
  7. Many “spare” moments thinking about what we can achieve this year as a chapter. (I’m not sure if this is a cost or a benefit.)
  8. Countless hours at the keyboard communicating with chapter leadership and the chapter as a whole.

Your turn

Why are YOU active in your organization?
