Tag Archives: Higher education

  • 1

Digital Self Defense for Incoming Students at RIT Presentation

Category:Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Risk,Social Networking Tags : 

We had a great time presenting to our 2800-person incoming class at the Rochester Institute of Technology. Here’s the YouTube video of the five presentations (Hannah Morgan, Dawn Soufleris, Nick Francesco, Jon Maurer, and Ben Woelk) aptly emcee’d by Chris Tarantino.

Click on the screenshot to watch the show!

Enhanced by Zemanta

  • 1

A Lightning Fast Introduction to Digital Self Defense

Category:Higher Education,Information Security,Infosec Communicator,Uncategorized Tags : 

Each year at the Rochester Institute of Technology we introduce the concepts of Digital Self Defense to incoming students. We’ve tried a variety of presentation types and venues, ranging from several sets of co-presenters talking with “smaller” groups of students to one presenter in front of the 2000+ students at our Gordon Field House.

We kicked off our activities this year at New Student Move-in Day with our table of resource materials and a guest appearance by Phishy. Phishy provides a visual reminder for students to watch out for phishing attempts. Quite a few students posed with Phishy for photos.

Our New Student Orientation activities will conclude on Saturday, Sept 1, as we deliver a series of Lightning Talks on the subject of Digital Self Defense. We’ll cover online reputation management, safer social networking, avoiding online identity theft, security requirements at RIT, and illegal file sharing.

Because we’ll have captionists and ASL (American Sign Language)  interpreters, we’ve added 3 seconds to each slide. As in other Lightning Talks, the slides will advance automatically, every 18 seconds. I’m the only one of the presenters who’s done a Lightning Talk, and I’m looking forward to seeing how each presenter deals with the challenge of a very large (~2500) audience and a slide deck they don’t control.

Five presenters. Five different styles. Huge audience. Should be interesting.

Watch for my followup post!

Enhanced by Zemanta

  • 0

Bridge Building: Establishing Communications Processes

Category:Communications Processes,Infosec Communicator,Leadchange,Lessons Learned,techcomm,Uncategorized Tags : 

image

This past fall we had the privilege of visiting Pont du Gard, a Roman bridge and aqueduct in Languedoc in the south of France. Although built primarily without mortar (except for the top course of blocks), Pont du Gard has endured for more than 2000 years, despite frequent spring floods.

The Pont du Gard aqueduct/bridge was built to provide clean water for the town of Nimes. Its builders understood the importance of building a structure that took into account the factors that would affect the bridge. They understood at least some of the pressures that would bear on that structure. They built the bridge accordingly. Its builders designed it to endure.

Geographical map of the aqueduct of the Pont d...

Geographical map of the aqueduct of the Pont du Gard. Map created using data from OpenStreetMap. (Photo credit: Wikipedia)

So, this blog is about communications. What does the Pont du Gard have to do with communications?

Much of my role as a technical communicator has been to build processes that enable the flow of good communication. I’ve had to factor in the context (pressures that will bear on the structure) in which I was building those processes. Those communications processes are the bridges (aqueducts) that I build. In distributed organizations, well built communications bridges are critical to the health of the organizations.

Over the next few weeks, I’m going to talk about bridge building.  First, I’ll discuss my initial attempts at architecting communications processes for a Fortune 500 organization that had outsourced key support processes in the midst of a major software/hardware infrastructure transformation. Next, I’ll discuss communications processes I’ve built in my role as an information security practitioner in higher education. Finally, I’ll talk about my current work to build a sustainable communications bridge that enables clear communications between a central organization and its distributed communities, ensures the concerns of those distributed communities are heard, and facilitates best practice sharing among those communities.

Enhanced by Zemanta

  • 0

Making Information Security Fun

Category:Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Social Networking,STC,STC Rochester,techcomm Tags : 

I shared this presentation at the October program meeting of the Rochester Chapter of the Society for Technical Communication. The presentation demonstrates how the Information Security Office at the Rochester Institute of Technology used marketing techniques to reinforce key messages to raise awareness around information security concerns such as phishing.

To see more about how we’re using blogging to raise awareness in a specific academic course, visit the RIT Cyber Self Defense blog.

Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Three

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

Phishy

RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger

Phishing

Over the past couple of years, higher education has seen an increase in phishing attempts, known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (As much as we’d like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

REFERENCES

“Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids.” (www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/).

Moscaritolo, Angela. “InfoSec: 23 percent of users fall for spear phishing.” SC Magazine. 9 March 2009. (www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/).

Nation, Joe. “Facebook Mini Feeds with Steve.” (www.youtube.com/watch?v=w35cFqG4qLk).

RIT Information Security website (https://security.rit.edu).

RIT Information Security Facebook page (www.facebook.com/RITInfosec).

“Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.” 14 August 2007 (https://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html).


Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner