: Security awareness – isec

Security awareness

April 27, 2017 isec No Comments

Service overview

Bringing security in staff daily activities has proved to be a major factor for reducing organizational risks. Using our wide experience in management systems implementations, penetration testing and security assessments, we manage to properly designed best fitted security awareness programs that respond both to management expectations and standard requirements.

Beyond your security efforts and investments in actual technologies, a comprehensive security awareness cycle that periodically delivers knowledge and alerts to different groups of trainees is for sure a complete approach against new security threats and exploits.

You will be able to:

  • Know your threats, types of threats, motivation
  • Identify common attacks, how to distinguish between usual patterns and suspicious activity
  • Obtain effective training with the use of targeted lessons and dedicated hands-on sessions
  • Gain compliance and expertize, and focus on protecting your assets sooner

Methodology

Delivery methods may be selected using specific criteria, from our training methodology: subject-centred seminars, executive briefings, hands-on sessions, developing content for newsletters, sites or portals, etc.

The periodicity by which the user gets the information is another critical factor for success. The content is updated with the latest threats and concerns on security, employees learning how to protect against phishing, sniffing, social engineering attacks, physical threats or BYOD specific issues. We adapt the content so that it remains accurate, reliable and timely fashion.

Here are some of the activities:

  • Assess the context- scope, organizational roles, sensitive business processes or assets
  • Assess the actual status of training and understanding, and issues
  • Segment the audience by domains of interests, skills and future projects, etc.
  • Program development (differentiated per job categories: employees, business managers, senior managers, contractors/3rd party, etc.), establish topics and delivery mechanism
  • Choose different formats for presenting information and communicating
  • Develop content and materials for an awareness session

Deliverable

Deliverables for a security awareness program may vary, depending on the clients’ needs:

  • Security Awareness Initial Report – needs, findings, high risks areas;
  • Training and Awareness Implementation Plan;
  • Set of training materials, with content and tests, for lector-based security awareness sessions and online content with voiceover, for e-learning;
  • Awareness materials with different topics;
  • Social engineering activities and reporting.