Securely Enabling Your Business
TRAINING SERVICES | eLEARNING
Corporate Headquarters / 6130 Sprint Parkway / Ste. 400 / Overland Park, KS 66211-1155 / 888.732.9406
Engaging and Effective
ID#TR-GEN0006 05.13.2014 © 2014 FishNet Security. All rights reserved.
Overview
FishNet Security’s Training Services team offers engaging, interactive eLearning courses that cover a range of security topics including security awareness, compliance, secure coding and application development. For more than a decade, our clients have benefited from our training services, helping them meet their organizational and compliance goals.
Proven eLearning Solutions
Simplify your eLearning initiatives with an industry-leading training solution that addresses the following core business objectives:
✓ Meets compliance
✓ Maximizes data security
✓ Cost-effective implementation
✓ Easy to use
✓ Ensures training best practices
FishNet Security Hosted Solution
✓ Powerful learning management system (LMS)
✓ Secure environment
✓ Quick, hassle-free implementation
Self-Hosted Solution
✓ Delivered to your environment using SCORM, AICC or Tin Can format
Our eLearning Advantage
✓ Online reporting
✓ Email notifications and reminders
✓ Progress tracking
✓ Certificates
✓ System audits
✓ Mobile interface
✓ Multi-lingual support
✓ Modular licensing options
eLearning Courses
Security Awareness
• Interactive Format featuring CyberBOT
• Security Awareness for Executives
• Video Format
Compliance
• Credit Card Handling
• Introduction to PCI
• PCI DSS
• PCI Scoping
• Introduction to HIPAA
Developer
• Application Security
• Secure Coding
• OWASP Top 10
• Incident Response
• Mobile Security Top 10
• Web 2.0 Secure Coding
Custom Content
Our instructional designers and subject matter experts deliver custom courses by crafting content that fits your organization’s program, policies, standards and business needs.
Around the world today, hackers are networking together infected computers to create vast bot networks.
These bot networks are tasked with stealing critical business data. It is vital that all organizations train their employees to protect information while also meeting compliance regulations. FishNet Security has created state-of-the-art, interactive and comprehensive security awareness training covering 45 topics to help your organization meet those objectives. Give your employees the training they need to protect your company.
Mission 1: Passwords
Review the importance and characteristics of a strong password. This mission provides strategies to create passwords that are easy to remember while maximizing password security.
Topics
1. Protecting Sensitive Data
2. Data Protection
3. Intrusion Prevention Techniques
4. Database Security
5. Strong Password Creation
6. Password Management Software
Mission 2: Email
Review and identify common email scams such as phishing and spear phishing and determine how to eliminate their associated risks.
Topics
1. Email Security
2. Malware Prevention
3. Phishing
4. Spear Phishing
5. Identifying Email Threats
Mission 3: Mobile Security
Learn how to choose safe mobile applications, the importance of strong mobile passwords and best practices for reporting infected or lost devices.
Topics
1. BYOD Security
2. Mobile Download Security
3. Recognizing Malicious Applications
4. Safeguarding Mobile Assets
Mission 4: Social Engineering
Define social engineering and what it means to your organization. Also, learn the multiple attack methods used against you and how to combat them.
Topics
1. Common Social Engineering Techniques
2. Social Engineering via Telephone
3. Social Engineering via Onsite Attacks
4. Identifying a Social Engineer
5. Preventing a Social Engineering Attack
Interactive Format featuring CyberBOT
• FishNet Security hosted or client-hosted
• SCORM, Tin Can and AICC-compliant database formats
• 8 interactive missions that are 15 minutes or less in duration
• Over 60 topics using over 50 interactions
• 19 scenarios based on real-world threats like malware instances, email and social media incursions
• Integrated quizzes, matching, drag and drop, multiple choice and true/false
SECURITY AWARENESS
Mission 5: Workplace Security
Uncover the tactics intruders use to gain access to the vital business data within the walls of your organization. Review common tactics and how to maximize workspace security.
Topics
1. Workplace Security
2. Physical Security Awareness
3. Tailgating
4. External Media (USB) Protection & Threats
5. Protecting Your Workplace
6. Employee Security Awareness
Mission 6: Outside the Office
Understand common characteristics of threats outside the office and best practices to secure your organization’s data. Includes how to choose a safe wireless connection, what to do if your device is lost or stolen and protecting confidential information in general conversation.
Topics
1. Travel Security
2. Airport Security
3. Wireless Network Security
4. Secure Connections Outside the Office
5. Protecting Information in Public
6. Preventing Theft of Sensitive Information
Mission 7: Malicious Downloads
Protecting your devices against malicious downloads is a constant effort. This mission will review at a high level how viruses work, how they spread and the dangers they can cause. Also includes how to recognize these attacks before they happen and what to do if you don’t catch an attack in time.
Topics
1. Recognizing Malicious Downloads
2. Safe Web Browsing
3. Virus Identification & Remediation
4. Scareware
5. Antivirus
6. Identifying File Types
7. Protecting Your Computer & Network
8. Software Updates
Mission 8: Social Media
Social media use is on the rise. It’s becoming more important to understand the risks associated with using it. This mission will review common tactics used by online criminals, how they target their victims and steps you can take to be safe.
Topics
1. Safe Social Media
2. Social Media Threats
3. Social Media & Social Engineering
4. URL Awareness & Identifying Malicious Links
5. Mobile Password Protection
Contact Us
For a free demo or more information:
[email protected] / www.fishnetsecurity.com/Training / 888.732.9406
Interactive learning reinforces the security messages that will keep your users from making costly mistakes.
Corporate Headquarters / 6130 Sprint Parkway / Ste. 400 / Overland Park, KS 66211-1155 / 888.732.9406 © 2014 FishNet Security. All rights reserved.ID#TR-SL0002 01.17.2014
Security Awareness for Executives featuring CyberBOT
With access to more company systems and information, executive and manager-level personnel are often targets of cyberattacks. This 30-minute mission is designed specifically to help them recognize and avoid such attacks and prevent other cyberthreats from impacting the workplace.
Topics Covered –
1. Information Security Complacency & Compliance (Case Study Approach)
▪ Outside the Office
▪ Rule Breakers
▪ Whaling
▪ Privilege Accounts
2. Overview of Information Security Awareness for all Employees
▪ Password Security
▪ Email Security
▪ Social Engineering Protection
▪ Mobile Application Security
▪ Ransomware
Course Objectives –
1. Identify and prevent cyber-threats to the individual manager/executive.
2. Identify and prevent cyber-threats in the workplace.
Interactive missions mirror real-world scenarios executives might encounter.
Learn to overcome complacency when it comes to security in the workplace.
Video Format
This Security Awareness Solution features a host-based video format, interactive quiz questions and six fully integrated Security Awareness games. Both informative and entertaining, this eLearning solution will help keep your learners engaged with security as they work as well as meet your training compliance requirements.
Protecting Confidential Information
Covers basic Security Awareness concepts, including Personally Identifiable Information (PII), each employee’s role in Security Awareness, the cost of disclosure and how to stop disclosure of confidential information.
Protecting Your Computer & Network
Teaches important security basics, including creating strong passwords, Internet security basics and stopping malicious software.
Mobile Computing
Covers how to securely use any mobile device as well as how to protect those devices and confidential information when traveling.
Physical Security
Teaches all the key aspects of physical security, including types, controls, priorities and how to take action.
Social Engineering & Phishing
Covers how employees can stay alert and aware of all social engineering threats, including phone and email attacks as well as a variety of social engineering strategies.
Information Risk Management
Teaches how to manage risk by assessing danger and designing effective security controls.
Video-hosted eLearning delivers a professional format to complement any organization’s culture.
Thank you for a great training experience. I will definitely recommend FishNet Security Training Services to my employer for future training.
PCI COMPLIANCE
Credit Card Handling
Employees who handle customer credit cards on a daily basis are the first stop when it comes to the security of customer data. With the proper training, they can become an asset to security rather than a liability. This multi-occupational, interactive security training course will educate employees on credit card security, best practices and why it matters.
Benefits –
» Improve security effectiveness between employees and customers.
» Increase retention and influence behavior.
» Give customers peace of mind their credit card data is safe when conducting business with your organization.
Each course is catered to the employee’s role, creating a learning experience that is relevant and easy to understand and that ultimately increases the success of the program.
CALL CENTER
✓ Phone
✓ Internet
✓ Customer not in vicinity
TABLE SERVICE
✓ On premise
✓ Customer in vicinity
QUICK SERVE
✓ On premise
✓ Customer in vicinity
MANAGER
✓ Phone
✓ Internet
✓ On premise
✓ Customer in vicinity or not
Course Outline –
» Introduction to PII
» Credit Card Basics
» Transaction Best Practices
» Why Security Is Important
» Interactive “What Would You Do” Scenarios
» Best Practice Review
» Quiz
COMPLIANCE
Introduction to the Payment Card Industry (PCI)
The Introduction to PCI eLearning course was created with everyone who interacts with credit or debit card data in mind. This includes everyone from cashiers to traveling sales staff to system administrators. The course concisely and clearly explains what the PCI is, how employees interact with its regulations, the penalties for not complying and the types of data they can and cannot store.
Course Outline –
» Identity theft
» Data protection standards
» Data flow
» PCI Council
» PCI DSS
» Classification levels
» Verifying compliance
» Card data that can be stored
» Penalties and fines
» Costs of a data breach
» Basic security guidelines
PCI DSS
The PCI DSS standards measure organizations against an exacting security framework. Made up of six principles and 12 requirements, the PCI DSS standards can be overwhelming to those not prepared. The PCI DSS eLearning course helps any manager, developer, system or network engineer or CTO understand exactly what the standards are and how they can meet each of them. By using the PCI DSS eLearning course, organizations can strengthen their systems and personnel in preparation for a PCI audit.
Course Outline –
» Introduction to PCI DSS
» Building and maintaining a secure network
» Protecting cardholder data
» Maintaining a vulnerability management program
» Implementing strong access control measures
» Monitoring and testing your networks
» Maintaining an information security policy
PCI Scoping
Protecting cardholder data is critical to both the organization and the customer. This course establishes best practices for creating a PCI security scope to meet your business and compliance goals.
Course Outline –
» Defining and storing cardholder data
» Discovering your scope
» Determining your entity
» Determining your card usage level
» Choosing your self-assessment questionnaire
Introduction to HIPAA
This course was designed for anyone who works with medical data, from nurses to third-party processors. The course concisely and clearly explains why HIPAA was created, how it affects work life, penalties for not obeying and what types of data industry employees can and cannot store.
Course Outline –
» History
» Purpose
» Covered entities
» Business entities
» Individual Identifiable Health Information (IIHI)
» Protected Health Information (PHI)
» Privacy
» Security
» Working with HIPAA
I had a really positive experience ... It was fun and interactive!
DEVELOPER
Application Security
Hackers use a variety of attacks that can result in fraud, theft, compromise of sensitive information or data destruction. The Application Security course trains developers to modify, create and design safe and secure web-based applications by exploring eight common attacks. Each of the eight modules uses real-world and practical instruction, attack demonstrations, remediation best practices, hints and tips to educate developers.
Course Outline –
» Forceful browsing
» Command injection
» Data modification in hidden fields
» Session hijacking program
» Exploiting information leakage
» Cross-site scripting
» Cross-site request forgery
» Client-side logic subversions
Secure Coding
The Secure Coding section is composed of eight total modules. Four of them are .NET modules and four are Java modules. Each module covers the same basic information in the first quarter before diving into language-specific content.
Course Outline –
» .NET input validation
» .NET output encoding
» .NET error handling
» .NET SQL injection defense
» JavaSF input validation
» JavaSF output encoding
» JavaSF error handling
» JavaSF SQL injection defense
Incident Response
This course provides the knowledge you need to effectively become incident-ready, while helping you plan to prevent incidents and stay a step ahead. The methodologies taught focus strongly on preparation and prevention, such as having the right people and tools in place, but also dig deeply into the proper response objectives.
Course Outline –
» Introduction to Incident Response
» The Incident Response team
» Operations support
» Handling incidents
The OWASP Top 10
The Open Web Application Security Project (OWASP) Top 10 document regularly provides the 10 most frequent and dangerous security vulnerabilities organizations deal with every day. This course allows users to explore what each attack is, how each attack works, detailed examples of each attack, remediation steps and best practices that they can easily incorporate into their everyday development and coding work.
Course Outline –
» Risk #1: Injection
» Risk #2: Broken Authentication & Session Management
» Risk #3: Cross-Site Scripting (XSS)
» Risk #4: Insecure Direct Object References
» Risk #5: Security Misconfiguration
» Risk #6: Sensitive Data Exposure
» Risk #7: Missing Function Level Access Control
» Risk #8: Cross-Site Request Forgery (CSRF)
» Risk #9: Using Components with Known Vulnerabilities
» Risk #10: Unvalidated Redirects & Forwards
The Mobile Security Top 11
In today’s mobile environment, there is a drive for developers to quickly and efficiently create mobile applications for a variety of devices. As they develop the next generation of mobile applications, developers must keep security best practices at the forefront. They must know how to secure both the application that will be deployed to the mobile device and the web services that power the app. If either is left insecure, attackers will exploit any weakness they find. This 1.5-hour course covers the important security topics developers need to understand, regardless of development platform or language.
Course Outline –
» Application Error Messages
» Application Response Handling
» Authentication & Session Management
» Client Information Leakage
» Client-Side Injection
» Cross-Site Request Forgery
» Data Storage
» Sensitive Information Disclosure
» Transport Layer Security
» User Account Lockout
» User Input Caching
Web 2.0 Secure Coding
The buzzword “Web 2.0” has been in the public vocabulary for years. As HTML5 and other new 2.0 technologies become widely implemented and draw closer to maturity, attackers are focusing their attention on finding exploits and attacking Web 2.0 services, technologies and languages. This program teaches developers how to avoid common pitfalls and follow best practices in six courses that total 45 minutes in length.
Course Outline –
» AJAX / XML / JSON in Web 2.0
» Cross-origin resource sharing
» Local storage
» Web messaging
» WebSocket protocol
» XSS in HTML5
LEARN MORE about our Industry Expertise at: www.FishNetSecurity.com