Comments from audience are bulleted.
Everyone filled out the form.
secure work areas and resources. Her area has lots of restricted data, and this is important.
See too many people just walk away from logged in workstations/email. Easy to play with facebook profiles.
With office environments, many people can’t easily secure with keys, for example. Cubicles are different than regular offices.
What isn’t useful?
This isn’t a cybersecurity issue (tailgating).
Might be good to have alternative options to address different environments.
- To the extent that this is useful for campus, Ed would like to see it included. May not be cybersecurity, but still is security.
Access control is a no-brainer. It can be imposed on people without training. Tailgating is something you can train people to avoid.
Exposing people to the “why of passwords, for example, might make them take it more seriously.
What isn’t useful?
Don’t want to mix the message - it’ll frustrate people and make them not-receptive. Might depend on specific group needs.
Phishing - getting lots of questions about it
MFA - good to know “why” of MFA.
If MFA is used on campus, it’ll be mandatory and training instructions will be provided.
What’s going to have staying power?
Social media. Some for this, some against.
Relationship piece is the foundation of all of the social media stuff.
Awareness of people mixing work and home is important. That happens more and more and is a threat.
Protecting and Handling Data:
There was an initiative regarding this topic - is it really security awareness and should it be included?
Only important if you tie it to the policy.
What about data destruction/data retention?
Deep topic - surface awareness at most.
Bob would like to see surface knowledge, but offer opportunity to do more. Maybe include it for specific audiences.
This is for the it staff - technical training. Non-technical people function within the established framework.
Based on assumption that technical staff are available to all.
This would help
Users get documents through a business process and they store it where convenient. Providing awareness of the best places to store it would be good.
Who is authorized to access the data and under what circumstances? People should know what sort of data they have and when it’s safe to access it.