1
Ben Woelk
RIT Information Security Office
Advancing Digital Self Defense
Establishing a Culture of Security Awareness
at the Rochester Institute of Technology
2
Copyright and Reuse
• The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].
• The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].
3
Challenges
Who is RIT?
• At least 3 different audiences
• Various degrees of internet knowledge
– Not everyone is technology savvy
• 2500 new students each year; 15,000 total
• 3000 faculty and staff
4
Our Approach
GAIN
• Target audiences with different communications tools
• Orientation
• Facebook
• Events and contests
TRAIN
• Digital Self Defense workshops
MAINTAIN
• Website and printed materials
– Awareness materials
• Advisories and alerts
5
Orientation
Freshmen Orientation
• 90-minute time slot
• Three sections
– Information Security
– Copyright and Illegal File Sharing
– Safe Social Networking
• Technical presenters partnered with Student Affairs
6
Facebook Presence
Information Security Facebook
– 19,000+ RIT Facebook accounts
– Set up as Group, not Profile
– Current issues
• Safe social networking info
• Threats and vulnerabilities
7
Special Events
• National Cyber Security Awareness Month Speakers
– Technical and non-technical
• Poster Contest
• DHS MS-ISAC National Webcast Initiative
8
Awareness Contest
Support desktop and password standards
• Email and poster marketing campaign
• Prizes
• Awareness website
• Quiz
• Contest drawing
9
Digital Self Defense
Three Workshops
• DSD 101—Introduction
• DSD 102—Desktop Security Software
• DSD 103—Information Handling
10
Digital Self Defense 101
Introduction to Digital Self Defense
• General overview of how to practice safe computing and protect yourself and others
• Online threats
• Balance technical solutions and common sense
11
Digital Self Defense 102
Desktop Security Software
• Detailed look at software tools needed to meet the requirements of the Desktop Security Standard
• Software simulation allows users to experience installation and use of security software
12
Digital Self Defense 103
Information Handling
• Protect important information belonging to you or RIT
• Impact of legislative mandates
• Identify RIT Confidential information
• Information Lifecycle
– Creation, Transfer, Storage, Disposal
13
Information Security Website
• Alerts and Advisories
• Standards
• User Guides
• Event Announcements
14
Awareness Brochures
• Support RIT requirements
• Discuss common issues and concerns
– Desktop Standard
– Passwords
– Wireless
– Instant Messaging
– Avoiding Identity Theft
15
Advisories and Alerts
• Email to students, staff, and faculty when absolutely necessary
– Viruses and other malware
– Spoofing, phishing and other online scams
– Patching
• Message Center
16
Summary
• One size doesn’t fit all
• Multi-year process (5+ years)
• Balance frequency of communications
• Make information security fun
• Prizes make great motivators