Security Awareness

Security Awareness

16 September 2015 — 09 October 2015

ICT Courses
Special Focus

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually.

Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company’s computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the institution (information, physical, and personal) by trying to stop that from happening.



Price 99.00 Eur (promotional)
Application deadline 14 September 2015
(This course has ended)

Course Details


☆  Terminology

Data Loss Prevention (DLP) Scanning: A process of monitoring and preventing sensitive data from leaving a company environment.

Phishing: A form of social engineering where an attempt to acquire sensitive information (for example, passwords, usernames, payment card details) from an individual through e-mail, chat, or other means. The perpetrator often pretends to be someone trustworthy or known to the individual.

Privileged Access: Users who generally have elevated rights or access above that of a general user.

Typically, privileged access is given to those users who need to perform administrative-level functions or access sensitive data, which may include access to cardholder data (CHD). Privileged Access may encompass physical and/or logical access.

Social Engineering:  An attack based on deceiving users or administrators at the target site—for example, a person who illegally enters computer systems by persuading an authorized person to reveal IDs, passwords, and other confidential information.

☆  Prerequisites

Daily computer skills.

This training course it’s ideal for everyone who cares about privacy and data.

☆  Module details

1. Cyber Security Plan

Passwords are an important part of daily internet use, especially in a business setting. Almost every account and computer in a business is or probably should be password protected. So how do we make good passwords? Passwords are more than just a complex attempt at stringing numbers and letters together and require a bit of careful thought and care.

2. Antivirus

Antivirus will protect you from the majority of situations.  Nothing is 100% secure so use an antivirus whenever possible. Remember to update your antivirus (and any) software on a regular basis.  Some vendors will charge a fee for an update.  If you can no longer afford the update, keep using the antivirus because it will protect you from all the known vulnerabilities since the last update. Even an old outdated virus protection program is better than nothing.

3. Secure Browsing Fundamentals

Many attacks are based on the internet browser you may be using.  Some malicious sites will infect your machine just by visiting the site. Sometimes you don’t need to click anything.  Picking the right browser is the first step. Avoid Microsoft Internet Explorer.

4. E­-mail Security Fundamentals

E­-mail is a fundamental part of nearly all small businesses. Currently email phishing is common tactic to compromise a business. Avoid sending or accepting sensitive information via email.

5. Securing Mobile Devices

Many establishments (e.g., coffee shops, hotels, airports, etc.) offer wireless hotspots or kiosks for customers to access the Internet. Since the underlying infrastructure is unknown and security is often lax, these hotspots and kiosks are susceptible to adversarial activity. The following options are recommended for those with a need to access the Internet while traveling: Avoid free and open hotspots.

6. Social Networking

Social media has become an integral part of modern society, and it appeals to many small businesses as a cheap and easy way to advertise and spread the word about their goods and services. However, society is also full of stories illustrating the security risks and hazards of putting information on the web.

7. Employees and Service Providers

Employees shouldn’t get personal on your page. Damaging information can come from anywhere, even a well­minded employee who posts something he shouldn’t on your business’s page. Educate employees about the dangers of posting personal opinions and sensitive information. Employees need to know what not to post.

8. Facility and Physical Security

It is important to pay attention to the security of your information services assets, especially at your place of business. Know what physical places in your business are the most at risk.It is important to pay attention to the security of your information services assets, especially at
your place of business. Know what physical places in your business are the most at risk.

9. Payment Cards and Point of Service Systems

The security of point of service payment systems is a very important part of many small businesses. If you business accepts credit or debit card payments you must take steps to secure your customer’s information.

10. Incident Response and Reporting

Depending on your type of business and the type of cyber attack or event you may encounter, there are varying responsibilities for notification.

11. Recovering from a Cyber Attack, Event, or Disaster

While taking preventative measures is important, it is also important to have a recovery plan in case a cyber attack or cyber event.  Having an up to date security plan and following the recommendations will make recovering from an attack easier.

☆  Week 1

Cyber Security Plan
Passwords
Making a good password
Building a Password
Antivirus
Antivirus Software Suite Comparison
Avoiding Scams, Fraud, and Hoaxes

☆  Week 2

Secure Browsing Fundamentals.
E­Mail Security Fundamentals.

☆  Week 3

Securing Mobile Devices.
Traveling with Personal Mobile Devices.
Social Networking.

☆  Week 4

Employees and Service Providers.
Facility and Physical Security.
Payment Cards and Point of Service Systems.
Incident Response and Reporting.
Recovering from a Cyber Attack, Event, or Disaster.

☆  Instructor Profile

Drinor Selmanaj has experience in cyber security. He has been working with FLOSSK for 2 years now he is one of many contributors in Kosovo in many open source projects, he has been doing workshops around Kosovo in data security, also being a FLOSSKie he has been maintaining the network of the SFK (Software Freedom Kosova) the annual conference about open source in Kosovo. His expertise are networks and computer security. While on workdays he is the CEO of HelloWorld, a company which is focused on application development. His passion about computer security and networks never stops. He will be showing some awesome stuff at advanced cyber security training.

☆  Duration

24 hours

Wednesday &Friday, starting 17:00 - 20:00

September 16 - October 9

☆  Contact Information

Innovation Centre Kosovo; Rexhep Mala str. 28A, 10000, Prishtina.

[email protected]; 049 765 567




Security Awareness

Drinor Selmanaj

Instructor

Drinor Selmanaj is a lecturer, entrepreneur and information security specialist from Kosovo.
He has spent his years consulting, auditing, and hardening IT-infrastructures in companies and organizations across the region.
As a lecturer, he has established a Penetration Testing programme at ICK which seeks to hone the skills of young technology enthusiasts looking into entering the field of cybersecurity.
His entrepreneurial spirit led him to found a software development company called “Hello World!” centered around creating secure and highly functional digital products for local companies and businesses.
He is the CTO and co-founder of “Sentry L.L.C” - one of the first companies in Kosovo to regionally offer products and an extensive list of services in information security.
As a citizen of Kosovo and a member of various hacker communities, Drinor is able to see both the needs of legitimate businesses as well as the needs of a darker digital underground.






BOLD

© ICK — Innovation Centre Kosovo