About The Course
This comprehensive module includes solid foundational components for an organization’s overall information security awareness program. It improves the understanding of key people in the organization about information security risks, sound information protection practices, and how their individual actions and behaviors can impact information security in their organization.
This exceptional course uses a stimulating and creative approach that engages and challenges the learner. It presents interactive learning activities and realistic scenarios that maintain interest and add relevance for learners from different departments and with different key responsibilities within the organization.
Table of Contents
Day 1 – Session 1
- Introduction to Information Security
- Essential Terms
- Threat
- Risk
- Asset
- Vulnerability
- Zero Day – Vulnerability / Attack
- What is Information Security
- Business Need for Information Security
- CIA Triad
- Case Studies of Recent Hacks
Day 1 – Session 2
- Phases of Hacking
- Reconnaissance
- Passive Reconnaissance – AV Media / Social Media / Print
- Active Reconnaissance
- Social Engineering & Techniques
- What is Social Engineering
- Social Engineering Techniques
- Phishing
- SMShing
- Whaling
- Dumpster Diving
- Shoulder Surfing
- Tailgating / Piggy-backing
- Disgruntled Employees
- Identity Theft
- Unauthorised Access
- Shadow IT
- Credential harvesting / Password guessing
- Preventive measures
- Reconnaissance
Day 2 – Session 1
- Malware, Ransomware & Key-loggers
- What is malware
- Types of malware
- Virus
- Worms
- Trojans
- Rootkits
- Adware
- Spyware
- Crimeware
- What is ransomware
- What are key-loggers
- Fly-by-downloaders
- Droppers
- Advanced Persistent Threats
- Preventive Measures
- Patch management
- AV updates
- Back-up
Day 2 – Session 2
- Security Best Practices
- Password guidelines
- Internet usage
- Email usage
- Email etiquette
- Identifying phishing emails
- Dealing with offensive emails
- 2-Factor / Multi-factor authentication
- Mobile device security threats & prevention
- Portable device / media security threats & prevention
- Clear desk
- Handling / Disposal of sensitive data (print/digital)
- Data classification & labelling
- Storage – encryption / hashing
- Disposal
- Physical Security
- Access controls
- Visitor management