Course Title: Information Security Essentials for Corporate Users
Course Duration: 2 Day Instructor Led Workshop F2F and Online
Online workshop is delivered in two days, two units each day between 9:30 am to 1 pm and 2 pm to 5:30 pm
Course Fee: Available upon request (Write to us at info@tlcpak.com)
Course Location: TLC, Customer Onsite and Online
Course Code: TN226
Deliverables: Comprehensive Student Guide and Workshop Certificate
Customer onsite workshop can also be conducted for customers in Lahore and Islamabad.
PURPOSE:
In the era of digital transformation, information security and cybersecurity have emerged as essential education and training, recommended for users from all LOBs as part of an organization's internal security policy. It helps them understand and combat the latest types of threats, risks and vulnerabilities, and effectively safeguard their endpoint devices.
Attacks on cloud accounts were up 630% during the COVID-19 pandemic, between January and April 2020. As per a McAfee survey, overall enterprise use of cloud services increased by 50%, and use of collaboration services such as Cisco WebEx, Microsoft Teams, Slack and Zoom increased up to 600%. In a nutshell, security vendors attributed much of those increases to the COVID-19 pandemic. Also, according to Gartner's Board of Directors 2021 survey, 48% of employees are working remotely now, versus 30% before the pandemic. 82% of organizations are planning to allow their employees to continue working from home at some level. 40% of companies that suffer a massive data loss will never reopen - Gartner Group.
Corporate
end users are the first line of defense against
cyber-attacks that target your endpoints, such as
phishing, malware, ransomware, or data breaches. If
they are not aware of the signs and symptoms of
these attacks, or how to respond to them, they can
compromise your network, your data, and your
reputation. Educating and training your end users on
endpoint security awareness and best practices can
help you reduce the likelihood and impact of these
attacks, as well as improve your compliance and
governance.
The core reason is to bring all users onto one page, helping them explore why the protection of information is important. Protection of information is considered one of the critical functions for all enterprises. Cybersecurity is a growing and rapidly changing field, and it is vital that the principal concepts that frame and define this increasingly pervasive field are clearly understood by technology professionals who are involved in and concerned with the security implications of information technologies. This workshop is designed for this purpose, as well as to provide insight into the importance of cybersecurity and the integral role of cybersecurity professionals.
The training course flow will be a mix
of lectures & classroom discussions so that
participants can have a detailed understanding of
various components of cybersecurity technologies.
After
completing this workshop, you will be able to:
- Understand basic information and
cybersecurity concepts and classifications.
- Recognize malware analysis concepts
and methodology used by hackers.
- Distinguish system and application
security threats and vulnerabilities.
- Classify different types of malware.
- Understand security event correlation
tools.
- Be aware of the basic concepts,
practices, tools, tactics, techniques and
procedure used today by cyber-criminals.
- Elaborate basic security principles,
guidelines and procedures to safeguard data.
- Understand Data Encryption and
types of encryption.
- Describe why data encryption is
important.
- Understand Identity Theft Protection
and how Multi-factor Authentication can help in
reducing the overall implications with typical
scenarios.
- Exploiting “Users” role in Information
Security.
ABOUT THE INSTRUCTOR
This workshop shall be delivered by a TOGAF 9 Certified/IBM Certified Infrastructure System Architect and experienced trainer with 25+ years of career experience imparting education and training services both locally and internationally, who has worked for international enterprise technology vendors including IBM, Fujitsu, and ICL. Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security, Enterprise Architecture, ITIL, Cloud, Virtualization, and Green IT, and is a co-author of 10 IBM Redbooks.
TARGETED AUDIENCE:
This workshop is intended for resources from:
- Different LOBs including business, finance, procurement, digital application, audit, risk, compliance, information security, IT operations, project management, software development, legal and HR professionals with a familiarity with basic IT/IS concepts who want to:
  - Learn new basic trends in Information Security and cybersecurity.
  - Explore the new trends of cyber threats, risks and overall vulnerabilities attached to emerging technologies.
- Students and fresh graduates.
- CXOs, Managers, Senior IT and Business Leaders who want to refresh their present knowledge in the field of information and cybersecurity.
A FLEXIBLE PRICING MODEL FOR CORPORATE:
This workshop can also be delivered for an organization at their premises with up to 30% reduction in the cost, subject to 10-30 corporate users taking this session from different LOBs.
In a nutshell,
this workshop shall increase the focus on
information and cybersecurity to protect sensitive
data and systems. No organization, regardless of
size or industry, is immune to cyberattacks, and
just one breach could cause significant financial,
reputational or regulatory consequences. However, an
effective control environment can reduce the
likelihood of a breach, enhance incident detection
and response, and accelerate recovery efforts to
limit damage.
Moreover, two
criteria can help determine the effectiveness of a
data security methodology. First, the cost of
implementing the system should be a small fraction
of the value of the protected data. Second, it
should cost a potential hacker more, in terms of
money and/or time, to compromise the system than the
protected data is worth.
PREREQUISITES:
Participants
attending this workshop should be familiar with
basic Information Technology (IT) and Security
concepts, business challenges and the role of
general system wide infrastructure technologies and
their applications.
COURSE OUTLINE
Unit 1 – Understanding the Role of Information Security and Cybersecurity
- A little backdrop on recent cyber attacks in Pakistan.
- World is getting instrumented, interconnected & intelligent.
- Exponential Data Growth – Some key facts and figures.
- The evolution of storage technology and future predictions.
- Assume a world without security.
- Most Frequently Targeted Industries in 2019.
- Why security is becoming a board room discussion.
- Key Security Concerns for the Executive Management.
- Security Vs. Safety in a view.
- How to avoid Social Engineering & Malicious Software.
- Hacker tricks to avoid – Recommendations.
- Understanding Cybersecurity and Cyberspace.
- Differences between Information Security and Cybersecurity.
- Multiple layers of protection offered by Security Solutions.
- Why securing your environment is important?
- More devices than Humans – One of the serious concerns.
- What is Information Security.
- Information Security and Dependability.
- Why you need to make security a priority.
- Types of cybersecurity threats.
- Malware Detection.
- Why is Cyber Resilience needed.
- Top 11 ways that poor security issues can harm you.
- Security – Defense in depth.
- Security Awareness – The 6 Layered Model.
- Blueprint for Cybersecurity Success.
- What are the objectives of Cyber Security?
- Adoption of Cybersecurity best practices.
- Cybersecurity Awareness – Summary.
- Questions you should ask your Services Provider.
- Careers in information and cybersecurity.
- Typical roles of security specialists in the industry.
- Unit 1 Assessment.
Unit 2 – Essential Security Principles and Guidelines
- Why Data Protection is important for organizations?
- What are best practices, guidelines, frameworks, and security controls?
- Types of cybersecurity controls and their examples.
- Essential guidelines for setting up a user password.
- Understanding security guidelines and principles.
- Basic guidelines for setting up a user password.
- Tips for keeping your password secure.
- The seven key Cybersecurity Principles.
- Understanding Data Encryption and types of encryption.
- Describing Symmetric and Asymmetric Encryption.
- The 8 Principles of Cybersecurity Laws.
- Goals and Principles of Cybersecurity – The larger picture.
- About National Response Center for Cyber Crime – Pakistan.
- Center for Internet Security Guidelines: Top 20 Cybersecurity Controls.
- Describing Identity Theft Protection.
- Understand Multi-factor Authentication and typical scenarios.
- Unit 2 Assessment.
Unit 3 – Dealing with Risks, Threats and Vulnerabilities
- Examining the Cost of a Data Breach.
- To address security threats, leaders must avoid following common myths.
- Understand Incidents, Breaches, Risk & Vulnerability.
- Use five fundamental security principles to help guide you.
- Threats, Motives and Methods.
- Juice Jacking explained and its consequences.
- Threats and security challenges faced today.
- Understand Threat management.
- Different threat levels and risks.
- Knowing security threats and their channels.
- Understanding Security Elements – The larger picture.
- Attack Progression Mode used by cyber-criminals.
- Risk Management: Know your risks.
- The role of Risk Management.
- Defense Planning – Risk Analysis and Assessments.
- Risk Management Approach, key objectives and benefits.
- A small backdrop on ISO 27001.
- Qualitative Risk Assessment – Simple and Detailed Risk Assessment.
- Security risks and solutions in the digital transformation age.
- Possible vulnerabilities that one cannot ignore.
- Types of Comprehensive Vulnerability Assessments.
- Elements of Risks.
- Threat, Risk and Vulnerability – A High Level Summary.
- Unit 3 Assessment.
Unit 4 – Corporate Users Role in Information Security
- What does your device know about you?
- Access and manage vulnerabilities in mobile systems.
- Endpoint security issues caused by users.
- Common breach vectors - Statistics that you cannot ignore.
- The Role of Authentication and Authorization.
- What is a Role?
- Understanding “Users” role in Information Security.
- Differentiating between the role of Data Steward and Data Custodian.
- Users role in Information Security.
- Safeguarding Institutional Data.
- Protecting Electronic Data, Safeguard your Passwords, Secure Your Computer, Protecting Physical Data, Disposing of Data (Data Sanitization).
- Safeguarding Electronic Communications.
- Understand Role Based Access Control.
- Traditional Approach to System Administration.
- RBAC Administration Advantages.
- RBAC Framework.
- Understanding Roles and Authorization.
- RBAC - A Generic Behavior.
- Avoid Risky Behavior Online.
- Block or allow pop-ups in your Web Browsers – An important step.
- Check and remove malware from your computer – Windows.
- Tips to help you stay more secure online – A Brief Summary.
- Report any Suspected Security Breach.
- Adhere to the Computing Policy.
- Additional Information – Guidelines.
- Typical cybersecurity roles in the industry.
- Unit 4 Assessment.