Published on September 3, 2015
1. Infosec Cloud Managed Services Security Awareness Testing & Training
2. Security Awareness Testing & Training Overview Infosec Cloud provides a cloud-based security awareness testing and training (SATT) managed service to combat against phishing, social engineering and ransomware attacks. Employees are tested at their desks, with full management reporting and focussed training for those who are vulnerable. High quality, web-based interactive training combined with frequent simulated phishing attacks, using case studies, live demonstration videos and short tests is aimed at making sure employees understand the mechanisms of spam, phishing, spear phishing, malware and social engineering. The service is cost-effective, requires a relatively short amount of employee time, and is suited to organisations of all sizes. Keeping you secure.
3. Security Awareness Testing & Training WhyInfosec Cloud? Like a real cybercriminal, we know email security and how to bypass it. We have over 250 email security customers protecting around 90,000 mailboxes. We use this knowledge to successfully test your employees. Our video on-demand (VOD) is sourced from the largest security awareness provider globally ensuring the material is always up-to-date. The material is available 24x7 and can be paused/restarted anytime. Our courses are used by over 1,500 enterprises worldwide. Bespoke templates are created. We base these on what interests your users. For example;- the Finance Team can be targeted with finance or bank type bespoke phishing emails whereas the marketing team can receive shiny creative offers…
4. Security Awareness Testing & Training WhyUseaManagedService? Reduce Costs – Benefit from accessing an established and proven testing and training program. Access to Talent - Security Awareness Training is highly specialised. Geographic Reach & Scalability – Train all employees worldwide via distance learning on the same security processes and procedures. Compliance – Many organisations are required to comply with a multitude of regulations, such as PCI, which we have already planned for. Training is not Core to the Business (or IT Department) - Training is a necessity, but the development, management and delivery of training would be a distraction. Access the Latest Technology – Infosec Cloud provides automated Phishing Security Tests and trackable, targeted video-on-demand training.
5. Security Awareness Testing & Training ValueProposition Reduced malware infections Reduced data loss Reduced potential cyber-theft Users have security top of mind Reduced help desk calls Reduced cleaning and re-imagingof machines Reduced down time, increased user productivity Real ROI
6. Security Awareness Testing & Training ServiceOverview Phishing Security Test How phish-prone are your employees? 91% of successful data breaches started with a spear phishing attack – and they’re getting more sophisticated. Infosec Cloud provides a Phishing Security Test which will show you what percentage of your users are Phish-prone. Security Awareness Training Keeping your employees security aware. High quality, web-based interactive training combined with frequent simulated phishing attacks, using case studies, live demonstration videos and short tests. It is aimed at making sure employees understand the mechanisms of spam, phishing, spear phishing, malware and social engineering. After the training, Infosec Cloud’s highly effective scheduled Phishing Security Tests keeps employees on their toes. There are several correction options for employees who fall for the attacks, including instant remedial online training.
7. Security Awareness Testing & Training Serviceset-up Ascertain testing criteria Campaign start & end Number of employees User data (email, first name, last name, title, department) Type of phishing campaigns Customer phishing exposure expectations & future targets Frequency of tests Report destinations Evaluate which VOD courses are required (after testing) Account Provisioning Import users Map campaigns to users Create bespoke phishing rules & templates Create phishing campaign & frequency Create relevant whitelists and bypasses in customers for the Infosec source IP’s Test pilot
8. Security Awareness Testing & Training Testing &Training Timeline–first6months Q1 Report on phish prone organisational percentage baseline Introduction to SATT template to send to users Enrol all users in training Monitor and report on training completion Mandatory training reminders Perform additional phishing test/s Report on new phish-prone baseline Q2 Create new bespoke phishing templates Additional phishing test/s, report on new baseline Additional training for all employees that fail Report on risk areas Failure report provided to relevant personnel
9. Security Awareness Testing & Training Testing &Training Timeline–next6months Q3 Create new bespoke phishing templates Additional phishing test/s, report on new baseline Additional training for all employees that fail Report on risk areas Failure report provided to relevant personnel Q4 Create new bespoke phishing templates Additional phishing test/s, report on new baseline Additional training for all employees that fail Report on risk areas Failure report provided to relevant personnel Assess organisational baseline Confirm testing/training requirements for next 12 months Plus an inclusive Email Security Health Check (1 every 12 months)
10. Video on Demand Training Menu
11. Video on Demand Training
12. Security Awareness Testing & Training KeyPoints Phishing Security Tests - unlimited and on-demand when needed Security Hints & Tips Training videos on Security Awareness Individual user reports Customised emails targeted at individuals and teams Scheduled and randomised emails to users Email reports/statistics on user phishing tests Full management reporting Email security health check (1 every 12 months) All from Industry experts in anti-phishing and training.
13. Security Awareness Testing & Training KeyBenefits Measure and reduce employee susceptibility to real-world phishing attacks Gather hard data by testing and tracking employee security awareness and behaviour Deliver focussed training to increase security awareness and improve behaviour Understand your organisation’s real-world security posture Regular targeted testing raises awareness and understanding of sophisticated social engineering security threats. Combined with focussed, automated training delivered at the employee’s desk, our service enables and empowers your employees to apply this knowledge in the real-world to measurably reduce the risk to your organisation.
14. Security Awareness Testing & Training Recommendation • Run Regular Testing & Training • Review Corporate Policies – Acceptable User Behaviour • Deploy Layered Security Solution When you subscribe to the SATT service, with a managed email security service and Sophos cloud endpoint, we will provide a guarantee up to the value of £2,000 towards the clean-up of a Cryptolocker virus
15. Security Awareness Testing & Training FAQs Regarding the phishing security tests, the data we store consists only of email addresses, and what this address has clicked on. No other data gets stored. As the phishing tests only use standard email/web protocols, and do not include any actual malware, Infosec Cloud phishing tests will not introduce any vulnerabilities into your systems. Infosec Cloud has done everything to be secure, scalable and reliable. Note: the infrastructure we use runs on the Amazon Web Services (AWS) cloud which has the following certifications: “AWS has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II audits. We will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of our infrastructure and services.”
16. Infosec Cloud ManagedServices Infosec Cloud provides a range of integrated Managed Services designed to meet key IT security needs: • Email Security • Web Security • Strong Authentication Contact us for more information and no obligation, impartial advice. T: 01256 379970 E: firstname.lastname@example.org W: www.infosec-cloud.com
Infosec Cloud provides simulated phishing and focused security awareness training as a Managed Service. How Phish-prone are your End Users?
SANS Securing The Human provides security awareness training and security awareness programs for cybersecurity awareness professionals around the world.
Security awareness training is an important part of UCSC's IT Security Program. The presentations and resources on this page will provide you with ...
Our Enterprise Security Awareness Training Program integrates baseline testing and continuous simulated phishing attacks to build a more secure organization.
Why do I need Security Awareness Training? Effective March 25, 2003, shippers and carriers of certain highly hazardous materials must develop and implement ...
Security Awareness Training. Ensure Your Team Understands the Risks. Rapid7's Security Awareness curricula combines learning theory and subject matter ...
Security Mentor provides innovative, security awareness training that is brief, frequent and focused. Engaging, interactive, rich media lessons are as ...
Kevin Mitnick Security Awareness Training ensures that your employees are properly trained to deal with frequent hacking attacks.
more about security? SANS Institute InfoSec Reading Room ... Security awareness training can be performed in a variety of ways that can be utilized alone