Security Mentor
Lesson Summaries

Security Mentor CORE Training

Intro to Security Awareness

The introductory lesson for Security Mentor’s security awareness training shows why each person is critical to security, and how the actions of one person, even if unintentional or unknowing, can put their organization at risk.

Office Security

The office security lesson focuses on both internal and external threats to information security in personal office spaces. Through lesson interactions, trainees learn to identify and remove office security risks. Afterwards, trainees assess their own office security through a series of questions.

Computer Security

The computer security lesson teaches how layers of security are important to protect computing devices. Topics covered include firewalls, anti-malware, software auto-updating, data backups, and safe software installation.

Passwords

In the passwords lesson, trainees interactively learn what makes a strong password and then are given techniques for creating strong, memorable passwords. The second half of the lesson focuses on how to manage passwords and keep them safe.

Email Security

The email security lesson first describes general threats by email including malicious messages, malicious attachments, and spam. This is followed by tips on how to deduce the safety of email messages. In lesson interactions, trainees learn how to look for clues that emails are malicious, and receive feedback based on their choices.

Web Security

The web security lesson first teaches about the risks trainees face when on the Web. Trainees next learn about safe web searching techniques, general browser security and security settings, SSL, and protecting against web attacks.

Phishing

The phishing lesson delves into what phishing is and why people fall for it. Spear phishing is given special attention in the lesson. Trainees learn how to identify phishing messages by looking for clues. Trainees then complete interactions designed to reinforce the skills learned in the lesson.

Mobile Security

The mobile security lesson discusses the pervasiveness of mobile devices and the risks, particularly for data breaches, related to these devices. Best practices are given for protecting common mobile devices like smartphones, laptops, and mobile storage, as well as for using Bluetooth, WiFi networking, and device disposal.

Information Protection

The information protection lesson discusses what the risks are when information is exposed. The lesson introduces three different types of sensitive information: Personally Identifiable Information (PII), Protected Health Information (PHI), and business confidential information. Examples are given for each. Through exercises, trainees then learn to identify sensitive documents, and are given feedback on their choices. The remainder of the lesson focuses on how to protect and manage sensitive information.

Social Networking

Social networking impacts everyone, whether through direct participation or through associations. The social networking lesson teaches why security is so important in social networking. Topics addressed include choosing online relationships, personal information to keep private online, and business information to protect. Phishing and malware on social networks are also discussed.

Public WiFi

Public WiFi is everywhere and so easy to use, but what are the risks and how can they be avoided? The Public WiFi lesson first teaches about what malicious hotspots are and then introduces trainees to SSL and VPN. Next, the lesson covers topics including how to avoid malicious hotspots, a summary of the best practices for using public WiFi, and the danger of connecting Ad Hoc to other computers.

Reporting Incidents

In the reporting incidents lesson, trainees learn how to recognize a variety of security incidents through interactive exercises. The lesson covers what information should be included when reporting incidents. Finally, the lesson also discusses why people don’t report incidents and the importance of reporting incidents quickly.

Security Mentor ADVANCED Training

Social Engineering

The Social Engineering lesson first explains what social engineering is, followed by a discussion of why social engineers target employees. Trainees then learn about different social engineering tactics. Finally, through a series of role-playing interactions, trainees learn to identify and thwart social engineers’ attacks carried out through vishing, phishing, social networking, and onsite or in-person social engineering.

Data Loss Prevention (DLP)

The lesson starts with a definition of Data Loss Prevention (DLP), followed by a discussion of the different DLP tools that organizations may use. Next, the causes of data leaks are explored. Trainees next examine the services and technologies they use and how data can be put at risk of being exposed. The second half of the lesson focuses on seven common areas where end users lose data, and how data loss can be prevented.

Safe Disposal

The Safe Disposal lesson begins by introducing why people dumpster dive, followed by where improperly disposed data is often found. Real cases of improper paper disposal are presented. Trainees next evaluate a series of documents and decide how they should be disposed of. The lesson concludes with a series of interactions designed to teach about the proper disposal of devices and the management of voice data.

Internet of Things (IoT)

The Internet of Things (IoT) lesson first defines what the Internet of Things is. Examples of IoT devices are discussed for people’s personal lives, in the workplace, and in industry and the government. Next the lesson explains how IoT works. Then the main concerns for security, privacy, and personal safety risks related to IoT are examined. Finally the lesson concludes with advice for using IoT securely.

Cloud Security

The Cloud Computing lesson begins by explaining what Cloud Computing is and how it differs from local computing. Next trainees learn about how the cloud is used by businesses and by home users. Common causes of security incidents in the cloud are then explored, as well as the possible outcomes of those security incidents. The lesson emphasizes how the trainees’ actions are critical to preventing mistakes that cause security incidents, and what each person needs to do to avoid cloud security risks.

Privacy

The Privacy lesson starts by defining data privacy, explaining why it is important to protect private data, and the different types of data that need to be protected. Next the lesson addresses the repercussions if private data is exposed. Examples of privacy laws from several different regions worldwide are then discussed. The remainder of the lesson focuses on employee responsibilities when collecting, storing, sharing, transmitting and disposing of private data.

Working Remotely

The Working Remotely lesson opens by providing examples of remote working locations, followed by an explanation of the risks. The lesson focuses on how employees can be more secure when working remotely, covering topics including: data security, computer hygiene, access control, network security, physical security, and working in public places.

Travel Security

The Travel Security lesson first presents the risks when people travel, then engages the trainee to self-assess their own travel risk profile. Next trainees learn how to protect themselves when traveling including travel preparation, traveling in a vehicle, traveling around town, air travel, hotels, connecting to remote networks, and using social media while traveling.

Insider Threat

The Insider Threat lesson first teaches employees about the different types of unintentional insider threats and then how employees themselves can avoid becoming an unintentional insider threat. Next, the lesson discusses the threats arising from malicious insiders. It then explores the motivations behind why people become malicious insiders, and discusses how to recognize behavioral signs that can reveal malicious insider activity. The lesson concludes by discussing what employees can do if they suspect someone is an insider threat.

Security Mentor ROLE-BASED & COMPLIANCE Training

System Administration

The System Administration lesson is the first lesson in Security Mentor’s ROLE-BASED curriculum. It covers security topics about which System Administrators need to be informed. The lesson begins by explaining why security is so important for system administrators, and defines some of the basic tenets of security including the AIC triad, compliance, defense in depth, and resilience. Next the lesson addresses how system administrators can secure against hackers, malware, malicious insiders, and incidents. Topic areas covered include access control, threats & vulnerabilities, data protection, security tools and incident response.