Category Archives: EDUCAUSE


Engage! Creating a Meaningful Security Awareness Program (Updated)

Category: EDUCAUSE, Higher Education, Information Security, Infosec Communicator, Presentations, Social Networking
7/12/12 Updated with seminar slides!

This may start quite the discussion, but it’s a viable argument that good Information Security practices are primarily about people, not technology.

Do you need help creating a security awareness program? Would you like to use social media to engage your audience? Would you like to integrate video or podcasts? Do you know how to best participate in National Cyber Security Awareness Month or Data Privacy Day?

Cherry Delaney (Purdue University) and Ben Woelk (Rochester Institute of Technology) presented a 3½ hour seminar at the EDUCAUSE Security Professionals/IT Enterprise Leadership Conference in Indianapolis on Thursday afternoon, May 17th.

The seminar is designed for security managers, CIOs, CISOs, ISOs, and IT Communications professionals. (There is an additional fee.)

Session Comments

SESSION CONTENT QUESTIONS
  • Overall evaluation of presentation
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Presented as described in the abstract
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Organized in logical, coherent way
    • Excellent 50%
    • Good 50%
    • Fair 0%
    • Poor 0%
  • Key points supported with breadth and depth
    • Excellent 50%
    • Good 50%
    • Fair 0%
    • Poor 0%
  • Clearly stated significance of project/area of work that points to future use
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Appropriate selection of resources/handouts
    • Excellent 50%
    • Good 0%
    • Fair 50%
    • Poor 0%
  • Allowed sufficient time for Q&A
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
SESSION DELIVERY/SPEAKER QUESTIONS
  • Knowledge of topic
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Engaged the audience
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Clearly introduced and reinforced key points
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%
  • Effectively used slides/visuals to organize and display content
    • Excellent 100%
    • Good 0%
    • Fair 0%
    • Poor 0%

2 evaluation forms were returned for this session.

COMMENTS:

  • I don’t know how this presentation could be better. The content and presentation were very helpful for me. Maybe in another year or two I might have some hindsight. It was nice to have them provide the structure and the abstract. It was also very beneficial to hear that measuring the effectiveness of this process is hit-or-miss, so I know what to expect.
  • The formal training part was more helpful than I anticipated. Sometimes I think I know more than I do!


Twitter Use at #STC12 Summit

Category: EDUCAUSE, Infosec Communicator, Social Networking, STC, Summit, techcomm, Uncategorized

For the two-year anniversary of this blog, we’ll review Twitter use at the STC Summit conference. Twitter use among attendees continues to grow dramatically. Although this post only looks at tweets during the dates of the Summit (May 19-24), use of the #stc12 hashtag began months before the conference and continues today.

Methodology

Unlike previous years where I put a great deal of manual effort into compiling the tweets by pulling from my #stc10 and #stc11 RSS feed, this year I’ve relied on the suggestions and work of colleagues Kevin Cuddihy of STC and Karen Mardahl. Thanks also to Rick Sapir for his suggestion to use twdocs.com to collect the tweets.

Graphical Portrayals of #STC12 Information

Kevin Cuddihy published a Wordle of the most commonly used tweets at the conference in his Summit Blog post. Here’s the Wordle he compiled:

As Kevin has noted, you can see that a good amount of the Wordle is composed of usernames.

Karen Mardahl (@kmdk) uses The Archivist to compile an analysis of the tweets. The two graphics and lists below are taken from her archive.

Top Twelve Twitter Handles (% Total Tweets)

  1. 10.68% arnoldburian (Arnold Burian)
  2. 7.45% AndreaJWenger (Andrea Wenger)
  3. 6.12% dccd (David Caruso)
  4. 5.67% rjhoughton (Rachel Houghton)
  5. 5.54% seanb_us (Sean Bean)
  6. 5.19% viqui_dill (Viqui Dill)
  7. 4.39% ninjawritermama (Sarah Baca)
  8. 4.08% phylisebanner (Phylise Banner)
  9. 4.03% ricksapir (Rick Sapir)
  10. 3.99% benwoelk (Ben Woelk)
  11. 3.95% Paul_UserAid (Paul Mueller)
  12. 3.90% MKGee (MaryKay Greuneberg)

Selected Key Words (occurrences)

  1. STC12
  2. Techcomm
  3. Content
  4. Summit
  5. @AMP;
  6. Thanks
  7. STC
  8. Session
  9. Chicago
  10. STCorg
  11. Need
  12. It’s

Observations

This year saw a number of new people “leading the way” with tweets. (Some of the usual suspects were quite busy behind the scenes, contributing to their drop in tweets. Of course, it’s also possible they were doing F2F networking!)

The week previous to #STC12, I attended the EDUCAUSE Security Professionals Conference (#sec12). The tweets at #stc12 far outnumbered those at #sec12. In my experience, security professionals are reticent about using social media. That may have been a factor in the difference.

If any of you are interested in doing a more thorough analysis of Twitter use at #stc12, let me know and I’ll send you Kevin’s document containing more than 500 pages and 87K words!

Let’s hear from you!

Did you tweet during Summit? How long have you been tweeting? What do you tweet about? Do you tweet more during conferences?


Updated: 2012 Speaking Schedule, January through June

Category: EDUCAUSE, Higher Education, Information Security, Infosec Communicator, Internet Safety, Presentations, Social Networking, STC, STC Rochester, Summit

I’ll be speaking at the following events this winter and spring. Watch for my presentation materials on SlideShare.

January 9: HEISC (Higher Education Information Security Council), Town Hall. Recording available.

January 30: Bullet Proofing Your Career Online (with Hannah Morgan, @careersherpa), ABCPNG (Always Be Connecting Power Networking Group), First Unitarian Church, Rochester, New York

Description: What are the 10 key steps to building and securing your online reputation? A security professional and a career sherpa provide their perspectives on how to create an online presence that enhances and promotes your career safely and effectively.

April 23rd: Bullet Proofing Your Career Online (with Hannah Morgan, @careersherpa), STC Rochester Spectrum Conference, Rochester Institute of Technology, Rochester, New York

April 24th: Leadership Day, STC Rochester Spectrum Conference, Rochester Institute of Technology, Rochester, New York

Facilitating the event and the panel discussion

May 17: Engage! Creating a Meaningful Security Awareness Program (with Cherry Delaney, Purdue University), EDUCAUSE Security Professionals Conference 2012, Indianapolis, IN

Abstract: This session will help attendees identify available resources and tools and determine the steps needed to create an engaging security awareness program. We’ll share how to integrate social media, video and other resources in an effort to reach a variety of audiences. We’ll also discuss how to leverage security incidents to create opportunities for engagement with your community. We’ll conclude the session by helping you plan a series of targeted activities for a high profile event such as the National Cyber Security Awareness Month.

May 20: Communications Liftoff! Rocketing your Community to the Stars, Leadership Day progression, STC Summit, Rosemont, IL

May 21: Bullet Proofing Your Career Online (with Hannah Morgan), STC Summit, Rosemont, IL

May 23: Shockproofing Your Use of Social Media 2012, STC Summit, Rosemont, IL

Description: Lightning Talk. What are the top ten ways to shockproof your use of social media? What’s new for 2012?

Secure Mobile-an Oxymoron? (Redux)

Category: EDUCAUSE, Higher Education, Information Security, Infosec Communicator, mobile device, Privacy, Risk, Uncategorized

Responses to the #1 topic on IdeaScale, “Consumers dictate device usage, not IT,” indicate that MANY of you believe consumers will drive smartphone adoption in Higher Education, while the sentiment around the topic, “Get rid of the walls around your enterprise data,” indicates that quite a few of you believe that core university data should be accessible to smartphone users.

However, yesterday’s polls have shown that not even all of the attendees of yesterday’s webinar use PINs or swipe patterns on their smartphones. The inherent difficulties in entering a complex password on a smartphone increase the likelihood that users will rely on simple passwords, if any, to access their devices. At the same time, users are expecting access to more and more university resources through their smartphones, increasing the risk of a data breach.

Where does security fit into this picture?

In Thursday’s webinar, “Smartphone Privacy & Security, What Should We Teach Our Users?”, the speaker, Norman Sadeh, indicated that mobile users are three times more likely to fall for phishing attempts. That statistic implies that spear phishing against university communities, which already demonstrates more success than we’re comfortable with, will be even more effective against smartphone users. As we find ourselves more and more hurried, making quick decisions just to handle the ever-increasing stream of information flowing at us, we’re more prone to fall for these attacks.

I would guess that many of us who own smartphones are using them to access our university e-mail, if not other university resources. Most of us don’t have any control over whether someone may e-mail us private or confidential information. If our smartphones become the weakest link in protecting data, they will be targeted.

How many of us have misplaced our smartphones or left them sitting on our desk in an unsecured office? Have you left your smartphone in a taxi or on a shuttle bus?

Increased access to university data is a desirable convenience. Will we be able to get the right combination of security controls, user training, and policies in place to allow smartphone access without it leading to a security breach resulting in a notification event or embarrassment to the university? What kinds of security controls are you using to prevent this? What security apps do you recommend to your users?

Lots of troublesome questions. Where are the answers?

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is part of the EDUCAUSE Mobile Computing Sprint and is cross-posted at https://www.educause.edu/blog/bwoelk/SecureMobileanOxymoron/227983
