Cyber Security Awareness Training


Minimum 10 trainees. This course helps employees develop better security practices. It may form part of a compliance program for HIPAA, FISMA, GLBA, PCI-DSS, ISO, and other laws or standards.


Course Description

In this course we will look at risks, attack types, and defenses we can use to protect sensitive information. By the end of the course you should have an appreciation of the stakes, and an idea of how to do your part by practicing good information security.

The course begins with easy concepts and vocabulary. It then builds to more advanced topics so that trainees may become more conversant in cyber security risks and countermeasures.

This course is designed for organizations that need to educate computer users and harden against attacks. It goes beyond basic compliance and aims to genuinely improve the organization’s security posture, including the attitude of employees and contractors toward information security. “Information security is part of everyone’s job” is perhaps the most emphasized concept in the course.

This course may form part of a compliance program for laws and regulations such as the HIPAA Security Rule, FISMA, Gramm-Leach-Bliley (GLBA), and others. It includes both broad awareness training and training appropriate to roles with access to sensitive information and systems.

Additionally, the course addresses training requirements under several standards, including PCI-DSS for all personnel, NIST 800-50, ISO 27001, and ISO 22301.

This is a self-paced course with a completion time of 20 minutes to 1 hour for most trainees. A trainee who passes the course final exam with a score of 70% is deemed to have passed the course. A certificate of completion is issued for your records.

Minimum number of seats for purchase is 10; please contact us if you have questions before purchasing. Please see our training terms before purchasing. We offer a 30-day refund period for unused credits, and a limited refund period for credits that have been assigned to a trainee.

Note: If you are a user of the Kraken GRC software, access to this training may be included in your monthly subscription for authenticated Kraken users.

Course outline:

Risks & Examples
Medical Facilities Fined
Ransomware Incidents
The Hacking of [Example Organizations]
Attack Vectors
Entry Points
1 – Don’t share credentials
2 – Keep software up to date
3 – Use strong passwords and a password manager application
4 – Use two-factor authentication (2FA) for sensitive systems
5 – Verify the authenticity of emails, links, and attachments
6 – Avoid suspicious sites and emails, and report any strange activity on your computer
7 – Follow procedures for removing and storing sensitive data
8 – Use a management system to track training, audits, and compliance
9 – Work in conjunction with IT security professionals to secure sensitive data and systems
10 – Watch out for potential security problems, and speak up about any you find
Next Steps