DMZ IT is delighted to offer a computer-based security awareness program that allows people to learn about the latest cyber-security threats and practice against them in hands-on simulations. We offer a set of predefined courses, and customers may also tailor their own from our library of modules. Tools like module preview and time-to-complete calculations make course development easy for anyone. Learners don’t just watch or listen to our security awareness training. Instead, they are challenged to solve hands-on simulations that replicate what they will encounter in the real world.
Our modules include:
- Privacy, PII and GDPR
- Working remotely
- Breach notification (HIPAA/HITECH)
- Insider Threat
- Malware, Ransomware
- Password Security
Please find below a detailed description of the modules. Please contact us to discuss your detailed requirements for cybersecurity awareness training.
Privacy and EU GDPR
This security awareness training module covers the European Union General Data Protection Regulation (EU GDPR), which will go into effect in May of 2018. It begins with an introduction to the concept of privacy within the context of information security, followed by a brief overview of the main goals and objectives of EU GDPR. The module discusses personal information in more detail, providing the EU GDPR definition and common examples of personal data and related data types. Other important EU GDPR terminology, including “data subject,” “processing,” “data processors,” and “data controllers,” is also covered. The module delves into common privacy violations and their consequences, including the penalties stipulated by EU GDPR. Data Protection Principles are covered as the foundation of EU GDPR. Specific aspects of the regulation are covered, with emphasis on the Rights of the Data Subject, Breach Notification requirements, and the Data Protection Officer position. An important part of the training is the discussion of the personal information lifecycle and general best practices for collecting, storing, using, sharing, and disposing of personal information securely.
Safe Working Remotely helps teleworkers, sales personnel, traveling managers, and other remote personnel stay safe when not working in the office or plant. Our interactive safe working remotely training covers networking essentials, safe practices in public areas, and more. Specific attention is paid to home networks and the devices and risks that come with them. This module also reviews the use of encryption over public networks and avoiding public computers, terminals, or tablets when possible.
HIPAA / HITECH
Our HIPAA / HITECH training focuses on Protected Health Information (PHI) as it applies to your role. We will discuss how PHI is defined and why it must be protected. Then, we will discuss some of the specific PHI definitions and handling procedures you will likely encounter in your role. And, finally, we will talk about resources that can answer your remaining questions about PHI at your facility.
Breach Notification (HIPAA / HITECH)
This module covers breach notification following the unauthorized disclosure of Protected Health Information (PHI). Our training reviews why PHI must be protected and the consequences under HIPAA for failing to protect it. Then we cover HIPAA’s definition of a breach and when breaches must be disclosed, including the concept of “safe harbor.” Finally, we cover breach notification itself, including whom to notify and some of the rules around determining how serious or widespread the breach was.
This training covers insider threats, such as threats posed by employees, contractors, or vendors. It explains why malicious insiders are so dangerous and provides examples of common behaviors that can be indicators of an insider threat. Finally, it emphasizes reporting as the best way to combat insider threats.
This module is aimed at explaining the concept of encryption in approachable terms. It begins with an explanation of the encryption process, with examples of encrypted text. Then it covers different types of assets that can be encrypted and concludes with an explanation of the importance of following encryption-related policies and protecting encryption keys.
Phishing is a method, often used by hackers, in which electronic messages, often email, are used to “fish” for unsuspecting users in an effort to get them to perform dangerous actions. Our interactive phishing training teaches users where phishing messages may appear, how to distinguish phishing from normal communications, how to confirm “borderline” messages, and when to report specific types of attacks. Learners are guided through each attribute of a phishing message, and then challenged to distinguish phishing messages from legitimate messages in a realistic environment. Our training also covers “spear-phishing,” which occurs when hackers take the time to adapt information from social media or other sources and insert it into specially crafted phishing messages in order to target a particular organization or individual.
Malware is, literally, the “malicious software” that hackers use to take over computers, steal or corrupt data, and attack others. Our interactive malware training covers the dangers posed by this type of software, what it can infect, and how to prevent it with three anti-malware behaviors.
Ransomware is malware that holds technology for ransom. First, ransomware corrupts and locks technology like computers, mobile devices, and individual files. Then, ransomware demands money to restore and unlock those machines and data.
Mobile Security addresses issues that result from the use of mobile phones and tablets for business purposes in public places and on public networks. Our training covers safety practices (like screen locks, device encryption, and Wi-Fi validation) that users can implement in this scenario.
Social Engineering occurs when a hacker uses two-way forms of communication, including phone calls and instant messaging, to convince people to do their bidding. Our social engineering training teaches a three-step method to give people the confidence to add clarity to a confusing conversation, challenge the other person’s identity, and verify suspicious requests with another person.
Safe Browsing encompasses a number of best practices that help to keep users of the World Wide Web safe. Our interactive safe browsing training covers both secure communications and common attacks that hackers may attempt to launch from unsafe web sites. Special attention is paid to the proper use of HTTPS (using SSL or TLS), including the importance of private communications and browser behavior when communicating with different HTTPS sites.
Password Security helps people select strong passwords and keep them safe. Our interactive password security training walks users through the creation of a long and complex but easy-to-remember password with a list of common rules. Our training also covers real-life situations in which a password may be stolen or is discovered to be too weak, as well as the reuse of passwords within departments or across different systems, and resets of delegated account passwords.
Physical Security helps prevent information from leaking and technology from being stolen through flaws in the physical environment. Our interactive physical security training covers places where information can leak out of logical systems, including printers and trash cans. It also covers the risks that people face when they leave technology unattended or unshielded in public or semi-public locations. It even covers office and plant security situations such as “tailgating,” a practice by which an authorized person is followed through a door into a secure area. After each risk is presented, practical prevention of that type of risk is discussed.
Removable Media is a term that covers USB drives, CDs, and even pluggable BYOD devices such as phones, cameras, and tablets. Our interactive removable media training covers two main concepts: the safe use of removable media for legitimate purposes, and attacks hackers launch from removable media. Safe use includes the use of encryption, either before data is stored or on the device itself. Hacker attacks concentrate on malware and phishing messages that are often planted on “lost” USB drives and CDs scattered near a target organization.
A PCI-compliant security awareness program requires that training on the policies and procedures that keep cardholder data safe be administered to all personnel upon hire and at least once a year. The topics in this module cover the essential cardholder data security requirements for all the different payment environments: card-present, card-not-present, mail, fax, online, and phone (individual or call center).
Privacy and PII
This module discusses cloud services. It begins with an explanation of the term “cloud”, then covers how people interact with it on a daily basis. Then it describes different types of cloud service and the benefits and risks cloud creates for businesses. Finally, tips are provided for using cloud services in a safe and responsible way.
This training module begins with the definition of Data Retention and an explanation as to why some organizations need data retention plans (regulatory compliance, business needs, litigation). Then it covers data retention plans, lists some common types of data that are subject to data retention policies, and concludes with secure data disposal considerations.
This module introduces the concept of Data Security and why it is important. It outlines the risks posed by insecure data handling and emphasizes that data security is everyone’s responsibility. Important topics related to data security are covered in detail: Data Classification, Employee Training, Software security (antivirus and updates), and secure data storage, backup, and recovery.
This training covers the secure disposal of sensitive data. It begins with an explanation of what it means to “destroy data” and how data can be found in many forms and locations. Then it discusses reasons for data destruction, followed by a description of some common data destruction methods.
Red Flags Rule
This module begins with a brief overview of the Red Flags Rule and its main purpose. It explains the requirement of having a written Identity Theft Prevention Program and provides some important definitions from the regulation (financial institutions, creditors, covered accounts). Then the module covers all 4 steps of the Identity Theft Prevention Program in detail: Identifying Red Flags, Detecting Red Flags, Responding to Red Flags, and Updating the Program.
Advanced Persistent Threat
This module explains the concept of APTs. It explains how to recognize APTs, why they are so dangerous, what motivates them, and what attack methods they use. A real APT attack is used to illustrate the danger of APTs and the lifecycle of a typical APT attack. Finally, some basic steps are outlined to help protect against APT attacks, including reporting suspicious activity and not sharing sensitive information.
This training provides an overview of the Gramm-Leach-Bliley Act (GLBA). It explains the purpose of the regulation and the consequences of non-compliance. The three main sections of GLBA (the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions) are discussed in detail. Then the module explains the term Nonpublic Personal Information and provides common examples of it. Finally, it highlights the importance of following policies and procedures and provides some tips for maintaining the confidentiality and integrity of personal data.