UAB IT’s information security team has a new way to visualize how the UAB community interacts with phishing emails. These improvements come from the collaboration of UAB IT’s data operations team and the information security office.
These dashboards aid InfoSec in decision making as they work to improve the phish reporting rate across campus to 30 percent and lower the compromise rate to below 10 percent.
“The dashboard has helped by allowing us to report further than what is allowed in Microsoft’s portal,” said Joseph Boehm, an information security engineer. “With the new dashboard, we’re able to compare campaign metrics at the organizational level and see how academic and business units compare to each other.”
Boehm is part of UAB IT’s threat and vulnerability team, a subset of the Information Security office, that handles protecting data by exploring and catching weaknesses throughout the campus’s software and devices. Roles in the team include threat hunting and liability management, but Boehm focuses on penetration testing and vulnerability management.
“I coordinated the return of the phishing campaigns,” Boehm said. “My team sent the simulated phish campaign to campus users and then I prepared the collected data to be sent over to the Tableau team.”
At the beginning of 2023, information security launched the report phishing button in Outlook. Any data recorded since this launch has been collected, cleaned, and visualized by Leslie Newell, a business intelligence specialist with the Tableau team at UAB IT.
“My role in this project was data analyst and data visualization creator,” Newell said. “I brought the data in to Tableau to create visualizations that help make data driven decisions about each phishing campaign.”
Using the phishing dashboards, deans and vice presidents across campus will be able to see where their units stand when it comes to cybersecurity.