1. Making Information Security Fun
Ben Woelk
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
585.475.4122
Ben.woelk@rit.edu
2. Introduction—the Problem
• Everyone is a target
• Identity theft is big business
• You can’t rely on others to protect you
3. Avert Labs Malware Research
Retrieved July 24, 2009 from:
http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/
4. Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf
6. Components of a Plan
• Audience analysis
• Key messages
• Channels
• Calendar
• Relationships
7. What are Our Key Messages?
• Data handling
• Mandatory compliance
• Phishing, social engineering
• Protecting IP/Research
8. RIT Profile
Rochester Institute of Technology, founded 1829
• ~18,000 students, mainly residential
• 10% international
• 1300+ deaf or hard of hearing (NTID)
• ~3000 faculty and staff
Respected leader in professional and career-oriented education
Eight colleges, 80 majors, 3600 co-op students yearly
16. Practice Digital Self Defense
@RIT_Infosec
www.facebook.com/RITInfosec
Security.rit.edu
Editor's notes
Per the MarkMonitor Brandjacking Index for Spring 2009: Phish attacks targeting social networks have grown 241 percent from Q1 2008 to Q1 2009 and have grown 1,500-fold since we first started tracking the category in 2007.
The University of North Carolina exposed SSNs for about 114,000-180,000 women, data that was part of a multi-year medical research study. The server storing this data was not located behind a firewall, a minimal security precaution. Fingers were pointed back and forth between the researcher and the IT dept. managing the servers.