Introduction to Security
Course Learning Objectives
- Students will learn about everyday IT security risks in the workplace and what they should or should not do in light of these risks.
- With scenario-driven examples, students learn an awareness topic, see how it affects their job, and are asked to make the right decision to reinforce the concept.
- Covers the latest in security awareness risks including mobile devices, cloud storage, social engineering and phishing attacks.
- Helps satisfy PCI-DSS requirement 12.6.1a.
Students will explore a number of important security awareness concepts within the workplace. They will be introduced to powerful yet simple ways to manage password strength, avoid email phishing attacks, recognize social engineering, configure mobile devices, and more.
Students learn through scenario-based examples. They are presented with a highly interactive environment where their actions tell a story and have direct consequences. Understanding these impacts is key to appreciating why security awareness is imperative to any organization.
Tailored learning - 30 minutes total
- What passwords mean to security
- About strong passwords
- Accountability risks of sharing passwords
- Disclosure risks of posting passwords
- 20 most common passwords
- Email and Attachments
- About phishing attacks
- What makes a phishing e-mail?
- Managing attachments in e-mail
- Identifying safe and risky attachments
- Social Engineering
- Recognizing phone-based social engineering
- Recognizing in-person social engineering
- Recognizing more forms of social engineering
- Why is it important to have a clean desk policy
- Workstation Security
- How to protect your workstation
- Using lock screens and screensavers
- Physically securing removable workstations
- Protecting your mobile device with a PIN or password
- Why use only approved mobile apps
- Keeping your software updated
- General mobile device best practices
- Business vs. personal use
- Risks of unsecured Wi-Fi
- Identifying insecure wireless
- Secure browsing and HTTPS
- Checking valid HTTPS connections
- Virtual private networks (VPNs)
- Acceptable Use
- Acceptable Internet use
- Social media use
- Cloud storage use
- General best practices
- What is tailgating and what are the risks?
- Tailgating best practices
- Questions to prevent tailgaters
- General best practices
- PCI Compliance (Optional)
- About the Payment Card Industry Data Security Standard
- What is cardholder data?
- Who can access card data?
- Best practices for processing and storing credit card data
- Transmitting credit card data