Course Overview
The Security Awareness Program Design class is for Information Workers and Information Technology Workers. We use the same principle materials but delivered at different technical levels.
Information Workers are defined as any employees that use the organization’s IT resources. These users are often referred to as “end users” or “power users”, along with their managers and organization officers.
Information Technology Workers are defined as employees that have technical experience in some discipline such as database administration, network administration, developers, etc.
No two organizations are the same and in order for security awareness training to be effective, it must be flexible and not rely on a cookie cutter approach. To allow a flexible, non-cookie-cutter approach to security awareness training, this course uses a menu of cybersecurity topics and case studies to adapt the content to the needs of each class’ attendees. Each class incorporates not only the latest information available in the cybersecurity field but also employees scientific adult learning and neuroscience principles to not only make learning more effective but also to better combat social engineering exploits.
Security Awareness Training can be tailored to meet all major compliance standards including: HIPAA, PCI-DSS, GLBA, FISMA, NIST 800-53, ISO/IEC 27002, Red Flags, NERC CIP, CobiT, GDPR and U.S. State Privacy Laws.
Duration: Courses are tailored to meet your needs.
Prerequisites: To ensure your success in the Information Workers version of this security awareness class, you should possess basic computer user skills and a fundamental understanding of computer and internet concepts, such as how to use a web browser and email.
For the Information Technology Worker version of this security awareness class, CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months experience in networking, including configuring security parameters, are helpful but not required.
Price: Rates are scaled to give the best value for the size and needs of your organization.
* Quantity discounts available upon request
Who Should Attend
These courses can be designed for all roles in your organization from the CEO and Board of Directors to your IT department and every employee. IT roles will often have a highly technical focus and decision maker roles are likely to have a business process focus.
Course Objectives:
Upon successful completion of this course, students will be able to:- Understand the concept of Security Awareness and how it can be practiced with personal accounts as well as at work
- Recognize the underlying forms of attacks common to all social engineering exploits
- Become fluent with mobile device usage that reduces personal and organizational exposure to exploits
- Understand and implement secure methods of authentication through the use of good log-on policies
- Effectively execute compliance practices with a full buy-in as to why such practices are important
- Understand and correctly use the fundamental terminology in cybersecurity
Course Agenda:
Lesson 1: Introduction
- What is "Security Awareness” and what does it have to do with me
Lesson 2: Keeping up with the Bad Guys
- Understanding the value of security controls
- How to stay on top of security exploits “without even trying”
- Email and browser hygiene
Lesson 3: Understanding Cybersecurity
- Terminology
- Are humans included as part of “Defense in Depth" policy
- Governance, Retention Policy and Metadata
- Mitigation and Deterrents
- Hashes and One-way Encryption
- Single Key and Two Key Encryption
- TCP/IP Primer and Review
- Cyber Attacks and Exploits
- Selected Case Studies
- Social Engineering
- Hoaxes
Lesson 4: Personal Privacy and Why it is Important to Both You and Your Employer
- Is what is good for the goose good for the farmer
- Keeping your personal life out of work and vice versa
Lesson 5: Cloud Migrations and Cloud Resources
- What is “the Cloud” and how do I know if it is secure
- Cloud data location matters
- Who controls information in the cloud and what are my responsibilities
- Data Encryption and Protection
- Avoiding cloud migration failures
- How does the Cloud provide disaster protection
Lesson 6: Metrics that Matter; is Security Awareness Working?
- Metrics to evaluate Security Awareness, Behavior Change and Culture Maturity
- Situations where Phishing click through rates can provide incorrect or misleading metrics
- How to tell if remediation techniques are working or creating additional issues
Lesson 7: Policies, Compliance and Due Diligence
- Special topics for C-Level employees and Directors
- Why you can't outsource your Due Care
- Due Diligence for suppliers, contractors, partners and 3rd parties
- Information security as a business process and competitive advantage
- Understanding compliance and the role of policies
- Handling internal and external communications during an incident
- Keeping conflicts from making a security incident worse
- BYOD problems and mitigation techniques
- Continuing your security education
Lesson 8: Case Studies and Discussions:
- Case Study Analysis: Social Engineering
- Case Study Analysis: Ransomware
- Case Study Analysis: USB Memory Sticks and removable devices
- Case Study Analysis: Mobile applications
- Case Study Analysis: Bluetooth scams
- Case Study Analysis: Wifi Exploits
- Case Study Analysis: Evil Twins
- Case Study Analysis: Signs of fake and real malware infection
- Case Study Analysis: When and how to get help
- Case Study Analysis: Why are employees going around security controls
- Case Study Analysis: Cloud security exploitations and breaches
Hands-On Labs
