making information security fun
DESCRIPTION
High level description of marketing plan and implementation of key messaging around security awareness at the Rochester Institute of Technology.TRANSCRIPT
Ben WoelkPolicy and Awareness AnalystInformation Security OfficeRochester Institute of [email protected]
Making Information Security Fun
Introduction—the Problem
• Everyone is a target• Identity theft is big business
• You can’t rely on others to protect you
2
Avert Labs Malware Research
3Retrieved July 24, 2009 from:http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/
Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf
4
Solution
•We needed a plan–Systematic repeatable–Goals–Proactive
Components of a Plan
• Audience analysis• Key messages• Channels• Calendar• Relationships
What are Our Key Messages?• Data handling• Mandatory compliance • Phishing, Social engineering
• Protecting IP/Research
RIT Profile
Rochester Institute of Technology, founded 1829• ~18,000 students, mainly
residential• 10% international • 1300+ deaf or hard of
hearing (NTID)• ~3000 faculty and staffRespected leader in professional and career-oriented educationEight colleges, 80 majors, 3600 co-op students yearly
Branding
Consistency
Web Presence
• Use official university communications channels
• Target messages to faculty, staff, and/or students
Social Media
• Meet students where they are• Post directly from Facebook
to Twitter
Private Information Management
• Temporarily reduced response rate from ~25 per attempt to ~4 per attempt
Phishing Awareness
Orientation
• Participate in faculty events
• Hit hot topics
Faculty
Practice Digital Self Defense
16
@RIT_Infosecwww.facebook.com/RITInfosecSecurity.rit.edu