Cursul de certificare Mile2® Certified Security Awareness 1 + 2, este destinat tuturor celor care folosesc un computer cu internet. Participanții vor învăța amenințările de securitate inerente la locul de muncă actual, precum și contramăsurile asociate acestora.
Angajații vor învăța că veriga cea mai slabă în orice program de securitate este un departament slab instruit. Cursul Certified Security Awareness învață conștientizarea generală a securității, precum și modul de a dezvolta o cultură de securitate puternică în cadrul comunității companiei.
Nu sunt cerințe preliminare.
C)SA 1 – Agenda:
Module 1 – Basic Security Awareness
- What is it and why it’s needed? End User Risk Trends
- Who, What and How are people the target
- What are the losses associated to end user hacks?
- The policies are as good as the employee who embraces them
Module 2 – Social Engineering
Phishing
- mail, via phone, social websites are common
Spear Phishing
- Example: Fake email sample
- Social media
- Personification
Module 3 – Data Classification and corporate use (Safe Guarding)
Corporate
- Sensitive, internal or public classification
- Objectives of securing data (IP, Compliance/legislature)
Personal vs. Business Use
- Segregating personal use with business use
Data management
- Business standard for deleting data
- Personal standard of data dumping (old phones/hard drives and usb)
- Did you know that I can unearth deleted docs from a USB drive from a standard Forensics app off of the internet?
- How to delete and get rid of your old data
Module 4 – End User Best Practices
Internet utilization
- Hot spots, public places & roaming risks
Safe Web Site surfing
- Discerning safe secure sites (never go to a site link indirectly)
- Locks and HTTPS
Computer Usage
- Using computer in non-admin mode
- Ransomware
Password management
Removable Devices
Mobile, Smart Phones and Tablets (risks associated with mobile devices)
- Device always locked
- Device should always be trackable
C)SA2 – Agenda:
Chapter 1 – Creating a Cyber Security Culture
- Non-malware Attack Statistics 2017 (Carbon Black)
- Cyber Security Culture
- Requirements for Successful CSC
- Steps to Create CSC
- Key People for a Successful CSC and Their Roles
- How Various Departments are Related to the CSC Program
- Leadership Skills
- Techniques Used by Successful Leaders
- Yearly Training and Drills
Chapter 2 – Social Engineer Attacks: Executive Management and Assets
- Techniques used by Hackers
- Why Executives are Pinpointed as Targets
- Whaling Attacks
- Recent Successful Whaling Attacks
- Whaling Mitigation
- Intellectual Property
- IP Categories
- IP Legally Defined Categories
- Keeping IP Safe
- Keeping IP Safe – Recommendation
Chapter 3 – Incident Preparedness and Management Planning
- Incident Mitigation
- Incident Mitigation
- Cyber Insurance
- Cyber Insurance Gaps
- Incident Preparedness Steps
- Preparation Step
- Identification Step
- Crisis Management
- Post Crisis Management
- Post Crisis Management
- General Recommendation for Post Crisis
Chapter 4 – Laws and Global Compliance Standards
- Laws & Standards
- Laws & Standards
- 12 PCI DSS Requirements
- Laws & Standards
- SOX Most Important Sections
- Laws & Standards
- Data Classification
- Objectives of Data Classification
- Personal vs. Business Use
- Personal vs. Business Use
- Business Standard for Deleting Data
- Mobile Device Security Risks
- Mobile Device Security
- BYOD Challenges
- BYOD Policy
Acest curs îi pregătește pe participanți pentru susținerea examenelor C)SA1 + C)SA2 și obținerea certificării de Certified Security Awareness 1 + 2.
