TRAINING SERVICES elearning

Transcription

1 Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses that cover a range of security topics including security awareness, compliance, secure coding and application development. For more than a decade, our clients have benefited from our training services, helping them meet their organizational and compliance goals. Proven elearning Solutions Simplify your elearning initiatives with an industry-leading training solution that addresses the following core business objectives: Meets compliance Maximizes data security Cost-effective implementation Easy to use Ensures training best practices FishNet Security Hosted Solution Powerful learning management system (LMS) Secure environment Quick, hassle-free implementation Self-Hosted Solution Delivered to your environment using SCORM, AICC or Tin Can format Our elearning Advantage Online reporting notifications and reminders Progress tracking Certificates System audits Mobile interface Multi-lingual support Modular licensing options elearning Courses Security Awareness Interactive Format featuring CyberBOT Security Awareness for Executives Video Format Compliance Credit Card Handling Introduction to PCI PCI DSS PCI Scoping Introduction to HIPAA Developer Application Security Secure Coding OWASP Top 10 Incident Response Mobile Security Top 10 Web 2.0 Secure Coding Custom Content Our instructional designers and subject matter experts deliver custom courses by crafting content that fits your organization s program, policies, standards and business needs. Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

2 SECURITY AWARENESS Interactive Format featuring CyberBOT FishNet Security hosted or client-hosted SCORM, Tin Can and AICCcomplaint database formats 8 interactive missions that are 15 minutes or less in duration Over 60 topics using over 50 interactions 19 scenarios based on real-world threats like, malware instances, and social media incursions Integrated quizzes, matching, drag and drop, multiple choice and true/false Around the world today, hackers are networking together infected computers to create vast bot networks. These bot networks are tasked with stealing critical business data. It is vital that all organizations train their employees to protect information while also meeting compliance regulations. FishNet Security has created state-of-the-art, interactive and comprehensive security awareness training covering 45 topics to help your organization meet those objectives. Give your employees the training they need to protect your company. Mission 1: Passwords Review the importance and characteristics of a strong password. This mission provides strategies to create passwords that are easy to remember while maximizing password security. 1. Protecting Sensitive Data 2. Data Protection 3. Intrusion Prevention Techniques 4. Database Security 5. Strong Password Creation 6. Password Management Software Mission 2: Review and identify common scams such as phishing and spear phishing and determine how to eliminate their associated risks. 1. Security 2. Malware Prevention 3. Phishing 4. Spear Phishing 5. Identifying Threats Mission 3: Mobile Security Learn how to choose safe mobile applications, the importance of strong mobile passwords and best practices for reporting infected or lost devices. 1. BYOD Security 2. Mobile Download Security 3. Recognizing Malicious Applications 4. Safeguarding Mobile Assets Mission 4: Social Engineering Define social engineering and what it means to your organization. Also, learn the multiple attack methods used against you and how to combat them. 1. Common Social Engineering Techniques 2. Social Engineering via Telephone 3. Social Engineering via Onsite Attacks 4. Identifying a Social Engineer 5. Preventing a Social Engineering Attack ID#TR-GEN

3 Interactive Format featuring CyberBOT SECURITY AWARENESS Interactive learning reinforces the security messages that will keep your users from making costly mistakes. Mission 5: Workplace Security Uncover the tactics intruders use to gain access to the vital business data within the walls of your organization. Review common tactics and how to maximize workspace security. 1. Workplace Security 2. Physical Security Awareness 3. Tailgating 4. External Media (USB ) Protection & Threats 5. Protecting Your Workplace 6. Employee Security Awareness Mission 6: Outside the Office Understand common characteristics of threats outside the office and best practices to secure your organization s data. Includes how to choose a safe wireless connection, what to do if your device is lost or stolen and protecting confidential information in general conversation. 1. Travel Security 2. Airport Security 3. Wireless Network Security 4. Secure Connections Outside the Office 5. Protecting Information in Public 6. Preventing Theft of Sensitive Information Mission 7: Malicious Downloads Protecting your devices against malicious downloads is a constant effort. This mission will review at a high level how viruses work, how they spread and the dangers they can cause. Also includes how to recognize these attacks before they happen and what to do if you don t catch an attack in time. 1. Recognizing Malicious Downloads 2. Safe Web Browsing 3. Virus Identification & Remediation 4. Scareware 5. Antivirus 6. Identifying File Types 7. Protecting Your Computer & Network 8. Software Updates Mission 8: Social Media Social media use is on the rise. It s becoming more important to understand the risks associated with using it. This mission will review common tactics used by online criminals, how they target their victims and steps you can take to be safe. 1. Safe Social Media 2. Social Media Threats 3. Social Media & Social Engineering 4. URL Awareness & Identifying Malicious Links 5. Mobile Password Protection Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

4 Security Awareness for Executives featuring CyberBOT SECURITY AWARENESS With access to more company systems and information, executive and manager-level personnel are often targets of cyberattacks. This 30-minute mission is designed specifically to help them recognize and avoid such attacks and prevent other cyberthreats from impacting the workplace. Interactive missions mirror real-world scenarios executives might encounter. Course Objectives 1. Identify and prevent cyberthreats to the individual manager/executive. 2. Identify and prevent cyberthreats in the workplace. Covered 1. Information Security Complacency & Compliance (Case Study Approach) Outside the Office Rule Breakers Whaling Privilege Accounts 2. Overview of Information Security Awareness for all Employees Password Security Security Social Engineering Protection Mobile Application Security Ransomware Learn to overcome complacency when it comes to security in the workplace. ID#TR-GEN0006 ID#TR-SL

5 SECURITY AWARENESS SECURITY AWARENESS Video-hosted elearning delivers a professional format to compliment any organization s culture. Video Format This Security Awareness Solution features a host-based video format, interactive quiz questions and six fully integrated Security Awareness games. Both informative and entertaining, this elearning solution will help keep your learners engaged with security as they work as well as meet your training compliance requirements. Protecting Confidential Information Covers basic Security Awareness concepts, including Personally Identifiable Information (PII), each employee s role in Security Awareness, the cost of disclosure and how to stop disclosure of confidential information. Protecting Your Computer & Network Teaches important security basics, including creating strong passwords, Internet security basics and stopping malicious software. Mobile Computing Covers how to securely use any mobile device as well as how to protect those devices and confidential information when traveling. Physical Security Teaches all the key aspects of physical security, including types, controls, priorities and how to take action. Social Engineering & Phishing Covers how employees can stay alert and aware of all social engineering threats, including phone and attacks as well as a variety of social engineering strategies. Information Risk Management Teaches how to manage risk by assessing danger and designing effective security controls. Thank you for a great training experience. I will definitely recommend FishNet Security Training Services to my employer for future training. ID#TR-GEN

6 Credit Card Handling Employees who handle customer credit cards on a daily basis are the first stop when it comes to the security of customer data. With the proper training, they can become an asset to security rather than a liability. PCI COMPLIANCE This multi-occupational, interactive security training course will educate employees on credit card security, best practices and why it matters. Benefits Improve security effectiveness between employees and customers. Increase retention and influence behavior. Give customers peace of mind their credit card data is safe when conducting business with your organization. Introduction to PII CALL CENTER TABLE SERVICE QUICK SERVE MANAGER Phone Internet Customer not in vicinity On premise Customer in vicinity On premise Customer in vicinity Phone Internet On premise Customer in vicinity or not Credit Card Basics Transaction Best Practices Why Security Is Important Interactive What Would You Do Scenarios Best Practice Review Quiz Each course is catered to the employee s role, creating a learning experience that is relevant and easy to understand and that ultimately increases the success of the program. ID#TR-GEN0006 ID#TR-SL

7 COMPLIANCE Introduction to the Payment Card Industry (PCI) The Introduction to PCI elearning course was created with everyone who interacts with credit or debit card data in mind. This includes everyone from cashiers to traveling sales staff to system administrators. The course concisely and clearly explains what the PCI is, how employees interact with its regulations, the penalties for not complying and the types of data they can and cannot store. PCI DSS The PCI DSS standards measure organizations against an exacting security framework. Made up of six principles and 12 requirements, the PCI DSS standards can be overwhelming to those not prepared. The PCI DSS elearning course helps any manager, developer, system or network engineer or CTO understand exactly what the standards are and how they can meet each of them. By using the PCI DSS elearning course, organizations can strengthen their systems and personnel in preparation for a PCI audit. Identity theft Data protection standards Data flow PCI Council PCI DSS Classification levels Verifying compliance Card data that can be stored Penalties and fines Costs of a data breach Basic security guidelines Introduction to PCI DSS Building and maintaining a secure network Protecting cardholder data Maintaining a vulnerability management program Implementing strong access control measures Monitoring and testing your networks Maintaining an information security policy Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

8 COMPLIANCE PCI Scoping Protecting cardholder data is critical to both the organization and the customer. This course establishes best practices for creating a PCI security scope to meet your business and compliance goals. Introduction to HIPAA This course was designed for anyone who works with medical data, from nurses to third-party processers. The course concisely and clearly explains why HIPAA was created, how it affects work life, penalties for not obeying and what types of data industry employees can and cannot store. Defining and storing cardholder data Discovering your scope Determining your entity Determining your card usage level Choosing your self-assessment questionnaire History Purpose Covered entities Business entities Individual Identifiable Health Information (IIHI) Protected Health Information (PHI) Privacy I had a really positive experience... It was fun and interactive! Security Working with HIPAA ID#TR-GEN

9 DEVELOPER Application Security Hackers use a variety of attacks that can result in fraud, theft, compromise of sensitive information or data destruction. The Application Security course trains developers to modify, create and design safe and secure web-based applications by exploring eight common attacks. Each of the eight modules uses real-world and practical instruction, attack demonstrations, remediation best practices, hints and tips to educate developers. Forceful browsing Command injection Data modification in hidden fields Session hijacking program Exploiting information leakage Cross-site scripting Secure Coding The Secure Coding section is composed of eight total modules. Four of them are.net modules and four are Java modules. Each module covers the same basic information in the first quarter before diving into language-specific content..net input validation.net output encoding.net error handling.net SQL injection defense JavaSF input validation JavaSF output encoding JavaSF error handling JavaSF SQL injection defense Cross-site request forgery Client-side logic subversions Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

10 DEVELOPER The OWASP Top 10 The Open Web Application Security Project (OWASP) Top 10 document regularly provides the 10 most frequent and dangerous security vulnerabilities organizations deal with every day. This course allows users to explore what each attack is, how each attack works, detailed examples of each attack, remediation steps and best practices that they can easily incorporate into their everyday development and coding work. Risk #1: Injection Risk #2: Broken Authentication & Session Management Risk #3 - Cross-Site Scripting (XSS) Incident Response This course provides the knowledge you need to effectively become incident-ready, while helping you plan to prevent incidents and stay a step ahead. The methodologies taught focus strongly on preparation and prevention, such as having the right people and tools in place, but also dig deeply into the proper response objectives. Introduction to Incident Response The Incident Response team Operations support Handling incidents Risk #4: Insecure Direct Object References Risk #5: Security Misconfiguration Risk #6: Sensitive Data Exposure Risk #7: Missing Function Level Access Control Risk #8: Cross-Site Request Forgery (CSRF) Risk #9: Using Components with Known Vulnerabilities Risk #10: Unvalidated Redirects & Forwards ID#TR-GEN

11 DEVELOPER The Mobile Security Top 11 In today s mobile environment, there is a drive for developers to quickly and efficiently create mobile applications for a variety of devices. As they develop the next generation of mobile applications, developers must keep security best practices at the forefront. They must know how to secure both the application that will be deployed to the mobile device and the web services that power the app. If either are left insecure, attackers will exploit any weakness they find. This 1.5-hour course covers the important security topics developers need to understand, regardless of development platform or language. Application Error Messages Application Response Handling Authentication & Session Management Client Information Leakage Client-Side Injection Cross-Site Request Forgery Data Storage Sensitive Information Disclosure Transport Layer Security User Account Lockout User Input Caching Web 2.0 Secure Coding The buzzword Web 2.0 has been in the public vocabulary for years. As HTML5 and other new 2.0 technologies become widely implemented and draw closer to maturity, attackers are focusing their attention on finding exploits and attacking Web 2.0 services, technologies and languages. This program teaches developers how to avoid common pitfalls and follow best practices in six courses that total 45 minutes in length. AJAX / XML / JSON in Web 2.0 Cross-origin resource sharing Local storage Web messaging WebSocket protocol XSS in HTML5 LEARN MORE About our Industry Expertise ID#TR-GEN0006 at: Corporate Corporate Headquarters Headquarters / 6130 / 6130 Sprint Sprint Parkway Parkway / Ste. / Ste / Overland / Overland Park, Park, KS KS / / All rights reserved.