Popular Courses

Security Awareness for Non-Technical Staff

Strategic Course Goals and Objectives:
• Identify the risks that the organization’s information assets are exposed to
• Be aware of and careful with the information that passes through participant’s hands
• Empower participants as information watchdogs
• Protect the information of the organization and avoid embarrassment and the costs of a security breach
• Complement the role of technology professionals who cannot, without non-technical staff help, adequately protect information
Content of the workshop is designed to help participants:
• Become aware of the current threat environment and the limits of technical solutions to protect the organization’s information assets
• Identify the ways in which we are careless with information and open ourselves to having that information compromised
• Use technology safely in a dangerous neighborhood
• Prevent social engineering by becoming aware of the strategies of those who threaten our information
• Defining their new role and learning the Junkyard Dog pledge

Presentation Options:
This workshop is also available as a self-study version with quizzes and exercises designed to assure that concepts have been internalized. An online newsletter and posters are available to supplement workshop learning objectives and remind participants of what they have learned.
Course Outline:
Module 1: Introduction
• Challenges for today’s organizations and those who work in them
• Objectives of the workshop
• The junkyard dog metaphor
• Organization of the workshop
• Getting acquainted with one another
Module 2: The threat environment
• Current status of the threat and causal factors
• The changes in legal requirements for reporting of breaches and protecting information assets
• Your organization’s security policy
• User risk categories
o Lack of awareness and careless mistakes
o Careless use of technology
o Vulnerability to social engineering
Module 3: Lack of awareness and carelessness
• The roots of the lack of awareness
• Information awareness risks
• Best practices in error prevention
• The information inventory
Module 4: Using technology wisely
• Electronic security systems
• Responsibilities of information technology users
Module 5: Protecting ourselves from social engineering
• Social engineering defined
• How it works
• Variations of social engineering
• Human motivations and emotions that allow social engineering
• Best practices in prevention
• Attack trees
Module 6: Workshop wrap-up and the JYD Pledge