Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Phishing awareness upon account reset
From: "Santabarbara, Angelo" <asantabarbara () SIENA EDU>
Date: Fri, 5 Apr 2013 17:27:08 -0400

Currently we have them take the Email module.  The STH modules are SCORM
compliant and as such can be used to build content in Black Board.  The
person who works on this is on vacation, but I have found some on-line
instructions posted by other universities like this one that may get you on
the right track:  http://www.niu.edu/blackboard/faq/qa/scorm.shtml

Our SANS representative was also very helpful in guiding us on how to do
this.  They provided this documentation:
http://www.securingthehuman.org/media/support/SANS-STH-LMS-Documentation.pdf



Angelo D. Santabarbara
Director of Networks & Systems
Siena College
518-782-6996
ASantabarbara () siena edu

***Siena ITS staff will NEVER ask for your password or other confidential
information via email.***

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy
all copies of the original message.


On Fri, Apr 5, 2013 at 2:00 PM, Ullman, Catherine <cende () buffalo edu> wrote:

Thanks, Angelo!  We have SANS as well, but have not tied it to this
purpose yet.  Which module do you have them take?****

** **

-Cathy****

** **

** **

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Santabarbara, Angelo
*Sent:* Friday, April 05, 2013 1:42 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Phishing awareness upon account reset****

** **

We utilize SANS Securing the Human modules for this exact situation.  It
is tied into our Black Board system and users are required to take a short
4 minute module as we reactivate the account.
****

** **

Angelo D. Santabarbara
Director of Networks & Systems
Siena College
518-782-6996
ASantabarbara () siena edu

***Siena ITS staff will NEVER ask for your password or other confidential
information via email.***

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy
all copies of the original message.****

** **

On Fri, Apr 5, 2013 at 10:23 AM, Ullman, Catherine <cende () buffalo edu>
wrote:****

Good morning!****

 ****

We are interested in finding out if there are any institutions out there
that require some sort of basic awareness training as part of the process
of account recovery and if so, what exactly you require your users to do.
In other words, when we discover that an account is compromised, we have
the account reset to its claim state and the person is required to show ID
in order to reclaim the account.  However, because we suspect that many of
the compromised accounts become compromised because the user has clicked on
a phishing link, we’d like them to ALSO have to perhaps take a short
training exercise about phishing and answer a handful of questions before
they can reclaim their account.   Do any of your institutions require
anything like this process?  If so, would you please contact me either on
or off list and let me know more about your process?  Thanks!****

 ****

Best,****

Cathy****

 ****

 ****

Dr. Catherine J Ullman****

Information Security Analyst****

Information Security Office****

University at Buffalo****

cende () buffalo edu****

 ****

 ****

** **


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]