Tag Archives: RIT

  • 0

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

https://security.rit.edu/dsd.html

Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: https://twitter.com/bwoelk

Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at https://ow.ly/4GFzf


  • 10

Why Professional Conferences Matter

Category:Higher Education,Information Security,Infosec Communicator,Leadchange,Social Networking,STC Rochester Tags : 

I’ve heard a lot of discussion recently that professional conferences aren’t needed anymore because of the inter-connectivity afforded by the Internet. Why is it reasonable to spend hundreds or even a couple of thousand dollars to attend a face-to-face conference?

Over the last week, I’ve been part of the leadership teams for and attended two conferences, the STC Rochester Spectrum regional technical communications conference and the EDUCAUSE Security Professionals Conference in San Antonio. It’s been an incredible experience.

Here’s what I’ve found:

  • Spectrum provided an opportunity for me to meet face-to-face with people I’ve been talking to via social networking for almost a year. This is important because I was able to have indepth conversations with key leaders about critical issues affecting our profession. These conversations wouldn’t have been viable in social media. They may have been doable through Skype or phone, but the ability to read the nuances of a conversation when you’re not together is really difficult.
  • Spectrum also provided STC Rochester an opportunity to showcase our abilities (and to have those abilities affirmed by other community and society leaders.) It was important for our chapter to understand our connections and I think our membership was “blown away” that international leadership would attend. We were truly honored.
  • Spectrum provided state of the art content in technical communications. In the sessions I facilitated, Kristi Leach was able to test a usability session with peers and gain invaluable feedback and Hannah Morgan provided a fresh look at the importance of social networking in your branding and in your career.  Other speakers presented key information about current tools and the future of our profession.

The Security Professionals conference allowed me to see (way too briefly) colleagues that I speak with on conference calls and work with, but from a distance of thousands of miles. We’ve become friends and it’s great to be able to unwind with a team that’s worked hard together all year.

  • The Security Professionals conference gave me the opportunity to present with a panel of fellow practitioners that are remediating private information at our respective universities. It gave our audience an opportunity to hear how four schools are tackling similar problems and the “unvarnished” truth of the stuggles we’ve faced and inroads we’ve made. This was invaluable to our attendees, because they could ask questions and establish the networking contacts that will save them time and dollars as they tackle similar problems. We become resources for each other.
  • The Security Professionals conference also allowed me to work in tandem with Cherry Delaney of Purdue University, my former co-chair of the Awareness and Training Working group. We were able to share with a group of ISOs, information security practitioners (and even a CIO) the steps needed to create a holistic strategic Security Awareness plan and share examples of how we’ve approached the task of educating end users. We were also able to work with them in small groups to develop specific steps and put together the beginnings of an action plan.

The interaction at a professional conference is one of the key enablers to moving forward in your profession, becoming “unstuck” when you’re out of ideas, and establishing a network of contacts to help each other.

This interaction was helped by the fact that the conferences were of a size (120 and 350) where you could actually see the same people in several venues. Large conferences don’t always allow for that.

For me, professional conferences matter.

What do you get out of them?

 

Related content


  • 0

Digital Self Defense Workshop 101 (RRLC)

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Social Networking,Uncategorized Tags : 

I had the pleasure of presenting the following presentation to the Rochester Regional Library Council on Oct. 25th. It contains general Internet and computer safety tips and is slightly modified from a session we provide to faculty and staff at RIT.

Enhanced by Zemanta

  • 1

Having Fun with Security Awareness–Phishing

Category:Higher Education,Information Security,Infosec Communicator,Social Networking,Uncategorized Tags : 
Phishy

Phishy and Ritchie at RIT

The task of creating a culture of information security awareness in higher education can be a daunting one. You may feel as though your efforts are unnoticed and unrewarded. However, one of the really cool things about working in higher ed is that universities and colleges are often willing to share their best practices and even the materials they’ve created. This can ease the burden of coming up with new ideas to to help increase user awareness of information security threats.

Over the last couple of years, higher education has seen an increase in phishing attempts known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s Information Technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (Much as we’d like to block all phishing attempts and train our community to recognize and not respond to password requests, someone will always fall for a well-crafted phish.)

Unsure of how to best combat the threat, we formed a team of our best information technology and information thinkers to address the issue. We chose a multi-pronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem.

One of our coop students had worked the previous summer at Yale University and showed us phishing awareness posters that they had created. We received permission from Yale to modify the posters for our own use and began a poster campaign on campus. We decided to go a step beyond.

What better way to draw attention to phishing than having a giant “phish” walk around campus! Phishy was an instant hit. Phishy visited offices around campus and greeted students with cards that reminded them to NEVER respond to requests for their passwords. Phishy hung around RIT for a week twice during 2009.

Gil Phish

Gil Phish at Yale

This fall, Yale leveraged our Phishy idea. They bought a fish costume and greeted new students at orientation. (They also created a Gil Phish Facebook page with pictures of Gil engaged in behavior that could only be described as sub-crustacean…

Building off of each others successes has enabled both universities to create innovative security awareness programs.

Enhanced by Zemanta

  • 2

Writing the Next Chapter

Category:Infosec Communicator,Leadchange,STC,STC Rochester,Uncategorized Tags : 

Change is necessary but change is uncomfortable.

We should ignore the past. We should value the past. We should just do it. We should learn from past efforts. Do we dash forward, make our mistakes and sort things out as we go? Do we assess the path forward and move carefully down it? How strong should our sense of urgency be? How fast can and should we move forward? How do we mold individual desires into a shared vision?

We need to attract new members. We want to retain existing members. We have many senior members who have contributed faithfully to STC Rochester. We have new members who may not know our past but who are willing to pour themselves into redefining our organization and positioning ourselves for the future.

These are some of the issues we face as the council charged with stewarding the Rochester Chapter of the Society for Technical Communication. We are a chapter with a long history of excellence. It’s time to write the next chapter.

I’m trying to find a path that allows us to retain the  distinctiveness of what has made us STC Rochester while moving to a model that is sustainable and will foster growth. Part of this path forward includes implementing a marketing strategy. We’ve received our marketing plan from Neil Hair’s RIT Marketing Concepts class. The plan identifies key opportunities and strategies for growth. We’ve set up a subgroup to study the plan and bring forward recommendations to our October council meeting.

Our kickoff meeting is September 21st. We’re inviting prospective members and want to be sure we can articulate why they should join STC. There is a good bit of angst surrounding this.

We need to remember to have fun.

Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner