digital self defense

Pfizer Global Security Conference Ben Woelk ISO Program Manager Rochester Institute of Technology

Upload: ben-woelk-cissp

Post on 16-Jul-2015

Category:

Education

TRANSCRIPT

Page 1: Digital Self Defense

Pfizer Global Security Conference

Ben Woelk

ISO Program Manager

Rochester Institute of Technology

Page 2: Digital Self Defense

Copyright © 2014 Rochester Institute of Technology

Presentation Overview

• Background

• Communications Plan Basics

• RIT Implementation

• Success?

• Discussion

Page 3: Digital Self Defense

BACKGROUND

Page 4: Digital Self Defense

My Background

• Corporate

• Higher Education

– ISO Office

– Adjunct

• Techcomm

• Computing Security

Page 5: Digital Self Defense

Rochester Institute of Technology

• RIT Environment

– 18,000 students

– 3,500 faculty and staff

– International Locations

– ~40,000+ systems on the network at any given time

– Very skilled IT security students

Page 6: Digital Self Defense

RIT Information Security

• RIT ISO

– 3 full time

• Information Security Officer

• Program Manager

• Sr. Forensics Investigator

– 1-4 student employees

• Mix of coop and part-time

• Risk Management, not Information Technology

Page 7: Digital Self Defense

COMMUNICATIONS PLAN BASICS

Page 8: Digital Self Defense

Communications Plan

• Benefits

– Systematic approach

– Repeatable

– Set and achieve goals

– Be proactive

– Be strategy driven, not event driven

– Strategic plan drives marketing/communications plan

Page 9: Digital Self Defense

TechComm 101

• “We explain things” (R. J. Lippincott, Intercom)

• Characteristics

– Interactive and adaptable

– Reader centered

• Personas

– Contextualized

– Concise

– Visual

– Cross cultural

Page 10: Digital Self Defense

RIT IMPLEMENTATION

Page 11: Digital Self Defense

Challenges

• Multiple audiences

• Messaging overload

• 30% annual turnover

• What, me worry?

• Dry/technical subject

Page 12: Digital Self Defense

Digital Self Defense Goals

• Inform the entire population about threats.

• Educate new members of the RIT community on Information Security topics.

• Maintain current information outputs and engagement on Information Security topics.

• Create new avenues for communication to expand awareness of Information Security office.

• Inform community of new Infosec initiatives

Page 13: Digital Self Defense

Target Audiences

Page 14: Digital Self Defense

Strategies

• Consistent outreach

• Creative/fun deliverables

• New communication channels

• “What’s in it for me?” fulfillment

– Emphasizing home use

– Easy-to-implement best practices

– Consequences of non-compliance

– Interactive elements

Page 15: Digital Self Defense

Security Awareness Plan

• Components

– Audience analysis

– Key messages

– Communications channels

– Calendar of promotions

– Develop relationships

Page 16: Digital Self Defense

Key Message

• Short and Simple

Page 17: Digital Self Defense

Calendar of Promotions

Page 18: Digital Self Defense

Monthly Topics

Month | Topic
June, July, August | Pre-Semester, Start of Semester
September | New Students, New Semester, New Threats
October | Cyber Security Awareness Month
November | No Click November
December | Scams and Hoaxes
January | Data Privacy Month
February | Ph(F)ebruary Phish
March | Mobile Device Madness
April | Spring Cleaning
May | Graduating to Good Passwords

Page 19: Digital Self Defense

Pre-Semester/Start of Semester

Page 20: Digital Self Defense

Communications Channels

• What’s the best vehicle?

Page 21: Digital Self Defense

Develop Relationships

Page 22: Digital Self Defense

RIT Infosec Website

Page 23: Digital Self Defense

RIT Social Media

Page 24: Digital Self Defense

Posters

Page 25: Digital Self Defense

Go Phish

https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/

Page 26: Digital Self Defense

Alerts and Advisories

• Message Center Portal/email

• Ad hoc

• ~20 per academic year

Page 27: Digital Self Defense

Move-in

Page 28: Digital Self Defense

New Student Orientation

Page 29: Digital Self Defense

Lightning Talks

• Six-minute presentations

• Slides move every 18 seconds

• Topics

– Online reputation management

– Illegal file sharing

– Safe use of social media

– Security standards at RIT

Page 30: Digital Self Defense

DSD Lightning Talk

• https://youtu.be/ef5XMlfQPxs?t=1862

Page 31: Digital Self Defense

SUCCESS?

Page 32: Digital Self Defense

Evaluation Tools

• Internal survey tool

– Fall baseline

– Spring progress

Page 33: Digital Self Defense

Social Media Evaluation

Page 34: Digital Self Defense

External Evaluations

• Use with care

• Kred (2013)

– Influence (trust)

– Outreach (propensity to share)

• Klout (2009)

– Perceived social influence

Page 35: Digital Self Defense

Evaluate and Make Mid-Course Corrections

• You will make mistakes

• Don’t be afraid to make a change

• Did it make a difference?

• Ways to evaluate

– Surveys

– Analytics

From austinevan

Page 36: Digital Self Defense

Key Success Factors

• What’s in it for them?

• Relevant at home as well as at work

• Reach them where they are

Page 37: Digital Self Defense

Resources

• EDUCAUSE

– Cybersecurity Awareness Resource Library

– Security Awareness Quick Start and Advanced Guides

• W. K. Kellogg Foundation Template for Strategic Communications Plan

• Richard Johnson-Sheehan, Technical Communication Today

• Society for Technical Communication

Page 38: Digital Self Defense

Contact Me

Ben Woelk

[email protected]; [email protected]

Benwoelk.com

@benwoelk

www.linkedin.com/in/benwoelk/

Page 39: Digital Self Defense

DISCUSSION