Cyber and information security has recently become a concern to all modern organizations. Organizations cannot achieve their cyber security goals through hardware and information technology (IT) workers alone, so all employees who use IT infrastructure and systems must be trained on the knowledge, skills and policies related to cyber security.
Cyber security operations involve core technologies, processes and practices designed to protect networks, computers, programs, people and data from attack, damage, injury or unauthorized access. Given the cyber threat environment, effective systems must also involve the employees and end users of organizational computer systems. In fact, nearly all employees with access to computers or networks play a cybersecurity role in their organizations whether they know it or not. Since employees or end users are the weakest link in an organization in terms of cyber and information security, organizations should consider cybersecurity training to be a significant strategy to reduce exposure to various threats. When employees are trained on cybersecurity awareness, their chances of falling victim to an intrusion attempt decrease.
More often than not, employees receive little or no training in cybersecurity practices. The lack of cybersecurity training for employees is directly evidenced by the spike in recent cybersecurity incidents.
Cybersecurity training is as important as other operational training. Your employees can be valuable in identifying and preventing security risks only if you equip them with the necessary knowledge and skills.
The purpose of this proposal is to seek the organization’s approval to raise the cyber security awareness and training of all categories of staff.
Employees must be able to recognize observable phishing cues and lures embedded in computer-mediated messages that commonly appear in websites, e-mails and social networks. As such, they need systematic, coordinated and integrated training to understand trust decisions across these modalities.
Moreover, savvy users likely require different training content than naïve users. They need training tailored to their particular learning needs in order to make smart decisions in the cyber space.
The main objectives of the training include:
a. Improving user awareness of the need to protect technology, information and systems.
b. Ensuring users clearly understand their responsibilities for protecting information and systems.
c. Ensuring users are knowledgeable about cybersecurity policies, standards, guidelines, procedures and practices.
d. Developing user knowledge and skills so they can perform their jobs securely.
e. Ensuring that the employees and the organization comply with state and local government regulations such as the Data Protection Act and other requirements.
The cybersecurity training program is carefully thought out and planned to address the present security concerns and make employees alert and cautious so they can detect threats and prevent security incidents. The awareness training programme will be designed using the module below:
1. Programme Definition
The managerial-level security training is designed to help executives who lead teams address employee questions and concerns. Managers should also be able to work with your IT team to address any issues, and they might also serve on your IT security leadership panels. The technical training will consist of a deep dive into more detailed cybersecurity training. Participants will learn threat detection and mitigation techniques.
2. Engaging key stakeholders.
The support and approval of the leadership team will be sought for the success of the cybersecurity training programs, especially regarding the best medium to use for the training.
3. Planning a workable program with definable and measurable goals
In order to prepare an effective training resource, we will identify the security challenges (threats) facing your organization, e.g., common social engineering threats that your employees face, and address them in the training materials.
Along with the training materials, we will identify gaps and security solutions that will be used within your organization that can help employees improve their security hygiene.
4. Implementing, measuring, and optimizing the programme for its continued success
The success of the cybersecurity training will be measured by seeking feedback from employees as well as other key business stakeholders. This feedback will identify the areas of concern and inform the content of the subsequent training modules.
Awareness Training Module
Our security awareness training program is customizable, as unique companies face unique risks. Our objective is to enable you to manage your employees and your risk.
Below are the various topics to be covered:
• Insider threats
• Social Engineering
• Phishing, Vishing, Smishing
• Management role in cyber security
• Measuring information security
• Supply Chain Risk
• Access Control
• Information Risk Management
• Cloud security
• Importance of cyber security
• Current events and data breaches
• Email security
• Human error
• Identity theft
• Security Incidents
• Protecting intellectual property
• Attacker and defender
• Network security
• Password policies
• Authentication practices
• Physical security of information and devices
• Security of mobile devices
• Public Wi-Fi security risks
• Remote working security challenges
• Social media
COSTING FRAMEWORK OF TRAINING
Number of Employees
PROFILE OF TRAINER
Seth Frimpong-Manso holds a Master of Business Administration degree in Management Information Systems from the University of Ghana.
He is a Certified Chief Information Security Officer (CCISO), a Certified Data Protection Supervisor, a Certified Network Security Specialist, a Certified Security Specialist (CSS) and a holder of the ITILv3 Certificate in IT Service Management. He has over fifteen (15) years of working experience, mainly in the field of cyber and information security, systems administration and information management, in both the private and public sectors. Seth has in-depth practical/technical experience in the installation, configuration and administration of several software and hardware infrastructures and has clients cutting across several sectors (banking, hospitals, pharmacies, churches, wholesale and retail shops, etc.).