Security Awareness and Training
Security awareness training develops the competencies, techniques and methods that staff need to face possible security issues.
Security awareness training should become an integral part of your onboarding and ongoing staff training program.
If your organization falls under GLBA, PCI, HIPAA or Sarbanes-Oxley, you will need some element of security awareness training.
Content that is included in general security awareness training:
- Organization’s security awareness policy.
- Impact of unauthorized access.
- Importance of strong passwords and password controls.
- Mobile device security including BYOD.
- Secure e-mail practices.
- Secure practices for working remotely.
- Secure browsing practices.
- Avoiding malicious software – viruses, spyware, adware, etc.
- Secure use of social media.
- How to report a potential security incident.
- Protecting against social engineering attacks:
  - In Person – Physical Access.
  - Phone – Caller ID Spoofing.
  - E-mail – Phishing.
  - Instant Messaging.
- Physical security.
- Dumpster Diving.
- Shoulder Surfing.