02 Feb

Free Information Security Training Materials (Exam and Acknowledgment Forms Included)

A recent study by Symantec revealed that “together human errors and system problems account for 64 percent of data breaches”. This further reinforces the point I made in my last post that it is vital that companies train their employees.

To help drive that point home we have created a free information security training package free for any company to use if they find it useful. If you (or any of your clients) might find it helpful please feel free to share!

Video and Downloads: You can check out the training video and download documents here.

Feedback and Room for Improvement

We aren’t experts when it comes to making video and media (but we enjoy it) so we would really appreciate your feedback.

1. Is this type of thing something you would enjoy more of on this blog (tutorials, training videos, podcasts, etc.)?
2. Are these type of things something you feel you could share with your clients? If not, what can we do to make them something you could share?
2. What can we do to improve going forward? Any topics or subjects you would like to see?

4 thoughts on “Free Information Security Training Materials (Exam and Acknowledgment Forms Included)

  1. In case you now have complete control of my desktop (having click your link). Can I have it back? My IP and password are… could you also upload that salary survey.

    Kidding!! Thanks, I will add this to the other resources I’ve found.
    I only wish I could convince more people to watch this and others.

  2. Great material and well put together. I think it is good general information for a small business that doesn’t have the resources or budget for security training. Many of the companies I have worked for (1000+ employees) create their own training material geared toward their industry, specific security threats and associated company policies. For example, some companies may or may not use dual or 2-factor authentication. But it’s a great intro into basic security principles that general employees continually struggle with. Even though employees have been repeatedly instructed not to click on links, penetration tests at past companies have shown a 15-20% failure rate. Some of these employees are even repeat offenders. At some point you have to focus on mitigating the truly “lost” rather than expecting to train them. I would be interested in your thoughts on mitigating controls (e.g. removing admin rights on the PC, splitting access between admin and general user accounts, use of firecall accounts for sensitive access, etc.)

    You might also be careful about the “test” you included in the middle of your presentation. I didn’t click on the link so I don’t know what happens. But our IS group ran into flak from senior management when they attempted similar tests during a penetration test. Some employees freaked out when they failed the test and went so far as to call their bank and credit card companies to check on their accounts. A little paranoia isn’t always a bad thing when it gets people thinking. But it had an adverse reaction in this case and detracted from the original intent. So it would be good to think about the audience and included plenty of disclaimers.

    • Hi Steve –

      Thanks for the feedback. That was exactly our target audience so it’s good to hear it came off that way.

      Related to the “test” during the presentation it just sends you to a page on our website telling the viewer what happened. Nothing fancy – just trying to prove a point about clicking links. I am hoping it has a greater impact when people realize they could have fallen victim to a cyberc-scheme right in the middle of security training.

Leave a Reply