
S.H.I.E.L.D Cybersecurity Awareness Training Catalog

Multi-Topic Foundational Courses

Security Awareness Fundamentals Theme

30 min | Employees will master the fundamentals of information security including key threats and how to counter them. Key Topics: password management, identity theft, malware, social engineering, phishing, physical security, travel safety, mobile data, privacy and acceptable use.

Human Firewall Theme: Security Awareness and Literacy

85-90 min | One course that covers every topic required by major standards and regulations. Key Topics: password management, viruses and malware, mobile data, physical security, social engineering, phishers, acceptable use policies, incident response, security services, risk management, network eavesdropping, encryption, malware, backups, protecting your home computer, identity theft, privacy and legal issues.

Strongest Link Theme - Security Awareness and Literacy

50-60 min | Employees will master the fundamentals of information security including key principles, concepts, vulnerabilities, threats and how to counter them. Key Topics: password management, viruses and malware, mobile data, physical security, social engineering, phishers, acceptable use policies, incident response, security services, risk management, network eavesdropping, encryption, malware, backups, protecting your home computer, identity theft, privacy and legal issues.

A Day in the Life Theme - Security Awareness

65-75 min | In this highly interactive course, learners will explore key information security concepts, examine threats and how to counter them, and review safe computing habits that can be applied at home and in the workplace. Key Topics: password management, viruses and malware, mobile data, physical security, social engineering, phishers, acceptable use policies, incident response, security services, risk management, network eavesdropping, encryption, malware, backups, protecting your home computer, and identity theft.

 


 

Single Topic Courses

Phishing

12 min | Because today’s computers and networks are heavily defended from a direct assault, hackers are now much more likely to target end-users when trying to break in. This course teaches best practices for recognizing and preventing both phishing and spear-phishing attacks.

Defeating Social Engineers

10-17 min | End users have what a hacker wants – a computer that’s behind the network firewall, a network username and password, and possibly access to trade secrets, confidential information, and bank accounts. This course will teach end users how to identify and avoid giving away sensitive information to these hackers.

Protecting Mobile Data and Devices

8 min | Because today’s smartphones and tablets can not only act as a phone, but also as an email client, mobile internet device, camera, GPS navigation system, entertainment console, and platform for any number of applications (apps), they can be exposed to many of the same risks as a desktop computer.

Appropriate Use of Social Media

14 min | Social media can be an excellent tool to connect and interact with customers, show thought leadership, and build a brand, but it also poses unique security, HR, and public relations challenges. This course covers social media best practices.

Working Remotely

12 min | Mobile computing devices like laptops, smartphones, and tablets can be found everywhere – at home, in the office, and everywhere in between. These devices, combined with high speed wireless connections, make working remotely easier than ever. However, working outside of a company’s secured facilities exposes an organization’s physical and information assets to additional threats.

Password Management

15 min | Passwords are the keys to our digital lives and protect us from hackers and cybercriminals, but how exactly could a hacker crack your password and what can you do to protect it? This course shows the tactics hackers use to compromise accounts and the password security best practices that can help prevent that from happening.

Physical Security

10 min | Your personal safety at work is of paramount importance. This course is designed to teach employees how to protect an organization from criminals, espionage, workplace violence, natural disasters, and other threats.

Email Security & Instant Messaging Security

11 min | Email and instant messaging (IM) are essential communication tools that most people use just about every day. They’re incredibly useful applications because they allow you to quickly and efficiently exchange messages and files with just about anyone else in the world. However, it’s a two-way street, meaning that since you can connect with anyone online, anyone else, including hackers and cybercriminals, can connect with you.

Cloud Security

9 min | Cloud-based services offer incredible convenience and can help people be more productive, especially while on the go. But they also create new security challenges, because the security of any information stored on the cloud is only as good as the security of the service provider who holds it. This course uses high-quality video and real-world simulations to teach best practices for cloud security.

Internet of Things & Home Security

10 min | Almost anything can be made into a “smart” device, such as security cameras and sensors, TVs, garage door openers, door locks, wearable devices, pacemakers, and even cars. These devices are what we refer to as the “Internet of Things” (IoT), which holds the promise of adding a whole new level of convenience and connectedness to everyday life. Having that many new, connected computing devices, most of which record activity, presents new challenges for security and privacy.

Incident Reporting

7 min | Reporting incidents of suspicious activity and the loss of assets or sensitive information is extremely important. In this module, employees will learn about common physical and information security incidents that should be reported and how to report them.

 


 

Standards & Compliance

HIPAA/HITECH Privacy for Business Associates

60 min | The final Omnibus rules for the Health Insurance Portability and Accountability Act (HIPAA), as amended by the HITECH Act, place greater responsibility on all business associates to safeguard Protected Health Information. Business associates and their subcontractors will, for the first time, have some absolute obligations for how they can use and disclose protected health information that they handle on behalf of the covered entity. This privacy course is specifically tailored to help employees of business associates understand what information is private, why it is private and what they can do to protect it.

HIPAA/HITECH Privacy for Covered Entities

60 min | Training employees to safeguard Protected Health Information (PHI) is a requirement of all “covered entities” based on the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act. This privacy course is specifically tailored to help healthcare employees understand what information is private, why it is private and what they can do to protect it.

HIPAA/HITECH Information Security

45 min | The final Omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and significantly strengthens the government’s ability to enforce the law. Training employees to safeguard Protected Health Information (PHI) is a requirement of all “covered entities” based on the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act. This privacy course is specifically tailored to help healthcare employees understand what information is private, why it is private and what they can do to protect it.

HIPAA/HITECH Medicare Fraud, Waste, and Abuse

15 min | Fraudulent and abusive practices put the health and welfare of millions of Americans at risk, and cost U.S. taxpayers billions of dollars every year. If organizations do not have programs designed to prevent, detect, and correct noncompliance, patients’ Medicare services might be delayed, they might not be able to use the providers of their choice, or their benefits could be denied. In this course, you will learn how you can help fight fraud, waste, and abuse in Medicare programs, including what the major laws are that prohibit abusive practices; how to recognize unlawful activities; how to prevent, correct, and report fraudulent, wasteful, and abusive actions; and where to get help.

US Organizations and the GDPR

20 min | GDPR is a global regulation and impacts companies that do business in the EU. Non-EU companies that process personal data of EU citizens are subject to EU rules even if they are not located in Europe. This course is designed to introduce US-based companies to GDPR regulations that impact their business.

GDPR Introduction and Overview

20 min | Target Audience – all users/general audience. Please Note: This course covers information for those who reside in an EU member country. Learn key concepts and fundamentals of the new regulations. Recognize situations where the GDPR comes into play and what to do when you encounter GDPR regulated data.

GDPR Key Principles of the GDPR

15 min | Target Audience – data handlers, IT/security, DPOs, staff, managers, and executives. Please Note: This course covers information for those who reside in an EU member country. Learn key concepts and fundamentals of the new regulations. Recognize situations where the GDPR comes into play and what to do when you encounter GDPR regulated data.

GDPR Transfers of Data Outside of the EU

15 min | Learn how the GDPR affects your organization when transferring or receiving EU citizens’ private information outside the borders of the UK and EU.

GDPR Differences of EU vs US Privacy

8 min | Learn about the differences in privacy expectations and requirements between the United States and the UK and EU.

GDPR Processing Personal Data

8 min | Learn how to address the new regulations of processing personal data according to the GDPR.

GDPR Data Protection Requirements

15 min | Introductory course that outlines the new GDPR considerations.

PCI Essentials for Cardholder Data Handlers and Supervisors

25 min | This course teaches employees and supervisors what PCI DSS is, how it affects your organization, and the best practices to follow.

PCI Requirements Overview for IT Professionals

40 min | This course teaches IT professionals what PCI DSS is, how it affects your organization, and how to comply with the 12 outlined requirements.

Privacy and Data Protection

30 min | This course will help employees understand what information is private, why it is private, and what they can do to protect it throughout the data lifecycle. This is important whether the information is in paper or digital format.

Data & Records Retention

35 min | Data in electronic and hard copy format within organizations is growing at a rate of about 125% per year and yet only 20% of that data is actually used to conduct business. Managing all of that data can become an administrative nightmare for you and the organization as a whole. This is especially true when litigation is pending and we must sift through all of our records to find certain pieces of data.

 


 

Micro Learning Mini Modules

In-person Social Engineering

4 min | Social engineering attacks can often occur in person. In-person social engineers will use information obtained both online and offline, along with lies and manipulation, to gain access to your systems and facilities.

Social Engineering – How It Works

4 min | The more you learn about how social engineering works, the better you can defend yourself and your organization against social engineering attacks.

Online and Targeted Social Engineering

4 min | Social engineers may use both technical and non-technical methods in a “targeted attack,” aimed at select individuals. Attacks are tailored; therefore, they can be very difficult to recognize, making them an effective threat.

Social Engineering – Countermeasures and Incident Response

4 min | Understanding what to do in the event of a social engineering attack can be just as important as prevention. Utilizing effective countermeasures and incident response procedures will help you to avoid falling prey to social engineers.

Appropriate Use of Social Media

5 min | Properly used, social media can be a great asset to any organization. However, there are many pitfalls associated with using social media, especially since these sites tend to blur the lines between what’s personal and professional.

Secure Use of Social Media

4 min | Improper use of social media can also expose you to a wide range of security and privacy issues, malicious software, and scams.

Social Media Best Practices

4 min | When posting a comment, file, image, or video to social media platforms, you never know who will see it. Whatever you choose to express can be quickly copied and spread without your knowledge.

Outwitting Internet Phishers

7 min | Phishers will typically send fake emails that appear to come from someone you trust, such as a bank, credit card company, or popular website. The email may ask you to “confirm your account details” and direct you to a website that looks just like the real website, but whose sole purpose is stealing your information.

Outwitting Spear Phishers

4 min | Whereas internet phishers target a wide audience by sending fake emails to any address they can find, spear phishers target a select group, or a few individuals, with a highly tailored message. This method is much harder to counter because the email messages can seem so authentic.

An Introduction to Insider Threats

7 min | Across the globe, organizations spend countless hours working to keep sensitive data out of the hands of cybercriminals. This task has become even more difficult to manage due to an increasing number of data compromises that stem from insider threats. Internal threats can be successfully addressed using the strategies shared in this module.

Protecting Kids from Cyberbullying

4 min | Cyberbullies use electronic communications to torment others with an onslaught of teasing, humiliation, and threats with the intent to do harm. According to research, cyberbullying may be a preferred attack method due to the perceived anonymity of the internet. Help prevent cyberbullying by applying the recommendations presented in this module.

Protecting Mobile Devices and Data

4 min | Learn how smartphones and tablets are exposed to many of the same risks as desktop computers. This course provides an overview of these risks as today’s mobile devices can not only act as a phone, but also as an email client, mobile internet device, camera, GPS navigation system, entertainment console, and platform for any number of applications (apps).

Additional Best Practices for Mobile Devices

4 min | Today, mobile devices are exposed to many of the same risks as desktop computers. This course provides an in-depth understanding of how today’s smartphones and tablets can not only act as a phone, but also as an email client, mobile internet device, camera, GPS navigation system, entertainment console, and platform for any number of applications (apps).

Ransomware – How to Defend Yourself

4 min | Ransomware is a type of malicious software used by hackers to encrypt files and withhold other functions from a user until the victim pays a “ransom.” This form of cyberattack has become one of the most used and most costly threats to businesses and individuals alike.

Protecting Against Malicious Insiders

8 min | The threat is real. It’s taking place somewhere, right now. A malicious insider has decided to mount a cyberattack against your organization from the inside out. This malicious insider will stop at nothing to get the data they need to commit theft, fraud or sabotage. Protect your workplace by applying the strategies provided in this module.

Preventing Malware – Mobile Devices

3 min | Mobile devices, including smartphones and tablets, have become so common in the workplace that many organizations now consider them essential tools. This course provides preventative measures against malware specific to mobile devices.

The Malware Threat

5 min | Learn how malware is used to steal information, destroy data or lock users out of it, or disrupt operations.

 


 

Role-Based Courses

Security Awareness for Managers

30 min | Reduce organizational risk, increase productivity and comply with policies, laws and regulations by increasing your own and your employees’ knowledge of security awareness.

Information Security for Executives

14 min | Cybercriminals use focused and sophisticated attacks to target C-level executives, upper management, and those with privileged access to an organization’s systems. They are out to steal money, personal/credit info of clients and customers, as well as intellectual property and other assets from organizations across the globe.

Privileged User Security

20 min | Hackers and cybercriminals specifically target privileged users. Learn about security best practices to defend against hackers.

Baseline Information Security Training for IT Professionals

60 min | This course is designed to provide fundamental information security knowledge that every employee in the IT Department must have in any organization. This course is easily customized to fit your particular policies, procedures, best practices & guidelines.

Introduction to the OWASP Top 10

15 min | The Open Web Application Security Project (OWASP) is a global community focused on improving the security of web application software. The OWASP Top Ten list is highly respected and has been adopted by, among other organizations, the Payment Card Industry (PCI) Security Standards Council.