End-User Awareness Training

Overview

A sound IT security awareness program for all staff - from receptionists to the CEO - can be invaluable in minimizing the risks an organisation faces. Our end-user security awareness programs start with content developed specifically for general business users (receptionists, accountants, sales staff ...) and tailor it to the specific threats faced in the client's workplace. The program can be delivered as an essential part of an induction course for new staff or as a general in-house workshop/seminar held at regular intervals.

Information security awareness amongst end-users is imperative, because people are the weakest link in the information security chain. Essentially, information security is a people issue. End-user awareness is vital in the workplace because well-designed information security policies are, by themselves, of little use unless all users are fully aware of the need to maintain the security of corporate and personal information assets.

The Security Brigade End-User Awareness (SBEUA) certification aims to create committed end-users who are aware of the importance of IT security in their workplace and of how to apply it in day-to-day activities.

Security Brigade offers security courses that help end-users obtain this certification. Being certified means they have passed stringent tests and are alert end-users, well aware of information security controls, IT laws, and security policies and compliance.

The benefits of having IT-security-aware staff are described under Benefits below.

Statistics

The following statistics illustrate risks that End-User Security Training programs can reduce significantly.

Insider Threat Statistics

  • Two-thirds (62%) admitted they have very limited knowledge of IT security.
  • One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
  • More than half (51%) connect their own devices or gadgets to their work PC.
  • A quarter of these do so every day.
  • Around 60% admit to storing personal content on their work PC.
  • One in ten confessed to downloading content at work they shouldn't.
  • More than half (51%) had no idea how to update the anti-virus protection on their company PC.
  • Five percent say they have accessed areas of their IT system they shouldn't have.

Course Content

Security Brigade's training programs are tailored to the exact needs of the audience. However, a general course list for End-User Awareness training is given below.

  • Brief Intro
  • Viruses
  • Worms and Trojans
  • Adware and Spyware
  • Combating Viruses, Adware/Spyware
  • Role of End-Users
  • Email Part 1: Threats and Prevention
  • Email Part 2: Scams and Inappropriate Uses
  • Phishing Examples
  • Phishing Symptoms and Response
  • Information Security Controls
  • IT Laws
  • Wireless Overview and Vulnerabilities
  • Wireless Security
  • Sharing: Workgroups
  • Sharing: Domains
  • Physical Security: Protecting laptops, handhelds, thumb drives.
  • Social Engineering
  • Good Password Choices
  • Firewall
  • Security Updates (Windows Update)
  • Do's and Don'ts
  • Security Policies and Compliance

Benefits

Not training end-users in basic security practices leaves a company's systems vulnerable to attack, exploitation, and data theft.

By training end-users, your company can save the vast amount of time and money it costs to mitigate and recover from an attack. It saves reputations and jobs. It also spares IT security professionals headache after headache of dealing with viruses, adware, and other problems. And by protecting against identity theft, training end-users in security can save customers and employees from the pain of rebuilding their lives after their personal and financial information has been stolen.

  • Reduces people-related errors associated with lack of knowledge.
  • Increases company-wide awareness of the importance of security best practices.
  • Employees will not fall for phishing attacks, virus attacks, trojans and other social engineering attacks.
  • Develops a last line of defense against threats to information assets.
  • Short-term benefits include employee awareness of acceptable behavior.
  • Teaches users not only what they can do to prevent malicious activity, but also how to detect attacks.
  • Reduces costs associated with vulnerabilities and threats to the system.
  • Protects the system from malicious intent.
  • Reduces the risk of intentional or accidental misuse of information and IT assets by your employees.
  • Employees can and should be the "last line of defense."
  • Supports compliance with federal and state regulations that require security awareness training.
  • Provides a low-cost option for training all employees on your corporate security policies.

Compliance

Security Brigade's End-User Awareness Training can meet the requirements of many information security standards and guidelines. Our training team has working knowledge of the following standards and aims to meet or exceed their requirements during the training program.

  • PCI
    The Payment Card Industry (PCI) Data Security Requirements were established in December 2004 and apply to all members, merchants, and service providers that store, process or transmit cardholder data. In addition to the requirement to comply with the standard, organisations are required to independently verify and demonstrate that compliance.

  • ISACA
    ISACA was established in 1967 and has become a pace-setting global organisation for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide, and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor, is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in IS auditing, control and security and has grown to be globally recognized as a symbol of achievement.

  • CHECK
    The CESG IT Health Check scheme (CHECK) was instigated to ensure that sensitive government networks, including those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure), were secured and tested to a consistently high level. The methodology aims to identify known vulnerabilities in IT systems and networks that may compromise the confidentiality, integrity or availability of the information held on them. In the absence of other standards, CHECK has become the de facto standard for penetration testing in the UK, mainly on account of its rigorous certification process. While rigorous, it concentrates on infrastructure testing rather than application testing. Open-source methodologies are, however, providing viable and comprehensive alternatives without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties and meets the requirements above. If you want a CHECK test, you will need to surrender your penetration testing results to CESG.

  • BS7799
    BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI) and, after several revisions, was eventually adopted by ISO as ISO/IEC 17799. ISO/IEC 17799 was most recently revised in June 2005 and was renamed ISO/IEC 27002 in July 2007. BS 7799-2 focused on how to implement an information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2; it later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (the Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS 7799 Part 3 was published in 2005, covering risk analysis and management, and aligns with ISO/IEC 27001.

  • HIPAA
    The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. The Administrative Simplification (AS) provisions of HIPAA require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.