Making Information Security Fun

Post on 08-May-2015


description

High level description of marketing plan and implementation of key messaging around security awareness at the Rochester Institute of Technology.

Transcript of Making Information Security Fun

Ben Woelk
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
585.475.4122
Ben.woelk@rit.edu

Making Information Security Fun

Introduction—the Problem

• Everyone is a target
• Identity theft is big business
• You can’t rely on others to protect you


Avert Labs Malware Research

Retrieved July 24, 2009 from: http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/

Phishing on Social Network Sites

http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf


Solution

• We needed a plan
  – Systematic repeatable
  – Goals
  – Proactive

Components of a Plan

• Audience analysis
• Key messages
• Channels
• Calendar
• Relationships

What are Our Key Messages?

• Data handling
• Mandatory compliance
• Phishing, Social engineering
• Protecting IP/Research

RIT Profile

Rochester Institute of Technology, founded 1829

• ~18,000 students, mainly residential
• 10% international
• 1300+ deaf or hard of hearing (NTID)
• ~3000 faculty and staff

Respected leader in professional and career-oriented education

Eight colleges, 80 majors, 3600 co-op students yearly

Branding

Consistency

Web Presence

• Use official university communications channels

• Target messages to faculty, staff, and/or students

Social Media

• Meet students where they are
• Post directly from Facebook to Twitter

Private Information Management

• Temporarily reduced response rate from ~25 per attempt to ~4 per attempt

Phishing Awareness

Orientation

• Participate in faculty events

• Hit hot topics

Faculty

Practice Digital Self Defense


@RIT_Infosec
www.facebook.com/RITInfosec
Security.rit.edu