This scenario is more applicable when you have someone who already has a solid understanding of the technology they are using and just needs some extra assistance with the security side of their everyday usage. College/University students are a great example of this. The average undergrad student is in their late teens to early or mid 20s and is already quite familiar with technology and computers. Homework is submitted online, labs are done on computers, clubs and student organizations have websites and email members about upcoming meetings, roommate agreements are signed online, and making friends occurs through social media and text.
This scenario involves the president of a local fraternity and other members (called brothers) of the organization. One of the brothers has not been doing too well in school and is on academic probation, meaning that he is restricted from participating in certain events such as philanthropy events, mixers with other student organizations, parties, and more until his grades go up. The president needs to keep all this information documented on his computer so they can track whether the brother is improving and, if not, take further action. The brother in question is very upset about not being able to attend certain activities anymore and wants to compromise the fraternity’s Google Account, where the president keeps all information tied to the fraternity, so he can change his punishment to something lighter.
Let’s look at the D.U.C. Model again: Discuss, Understand, Customize.
D for Discuss: The fraternity president is no computer science expert, but he is very familiar with how computers work and already takes great measures to protect his accounts, such as using different passwords for each website, locking his computer, and not sharing too much private info on social media. The risk of the angry brother compromising his computer is low, but still possible. Everyone on the fraternity’s executive board (which includes president, vice president, ritual master, different activity chairs, and more) has equal access to the fraternity Google account at all times.
U for Understand: Having numerous people access one account with one password is a great risk. What if the ritual chair, who has access to this account, is good friends with the angry brother and decides to change the files himself? The problem is that there is not much one can do, considering all of the executive board members need to access this information when needed. The president does not want numerous accounts for all the different positions, as that would be a hassle to maintain and hand over to the new brothers once the current board graduates.
C for Customize: Since the fraternity does not want to deal with keeping track of numerous accounts, especially as all of the executive board members need to know the progress of this brother, we can change how the information is stored! Showing the president (and other board members) how to properly encrypt or password-protect files will make sure that if a malicious brother (or anyone else) tries to get at important and private documentation, it will be much harder to access.
The Final Solution: After teaching the brothers how to properly protect important files, have them implement these new protection measures so that their information is much better protected from bad actors.
As we are working with a group/person that is more comfortable with technology, we can teach them something a little more advanced without fearing that they lack the understanding to implement it. Are there better ways of protecting this type of information? Yes. But this is a college fraternity, not a government. While things need to be kept protected and secure, the information does not need to be locked down like Fort Knox.