Certified Information Security Awareness Trainer (CISAT)
Duration: 2 days
Introduction
The financial impact of information security breaches is enormous, not to mention the damage to your organization's carefully built identity and reputation.
Over the past several years, organizations have spent large sums of money on the latest security technologies with little focus on one of the most important security threats present: the human factor.
Until recently, few of these organizations had taken the next step of providing security awareness education and training to their entire employee population, recognizing the human factor as one of the leading causes of security breaches and exposure of confidential information.
Many studies have concluded that employees play a key role in securing information, but they often lack awareness of sound security practices.
More and more companies are now realizing the importance of security awareness training and that it is the key to security, which leads to the question of whether to develop such a program internally or to outsource it.
Course Syllabus
Day 1
Learning objectives: participants will be able to understand:
· Introduction to Information Security
o Information Security Explained
o Confidentiality
o Integrity
o Availability
o Authenticity
o Non-repudiation
o Laws and Regulations
o Standards
· Elements, Roles and Responsibilities
o Elements in Information Security
o Roles Defined
o Responsibilities in Information Security Awareness
· Threats and Impact
o Recognition of Security Breaches
o Common Threats
o Security Breaches
o Impact
· Awareness, Training and Education
o Awareness Definition and Objectives
o Training Definition and Objectives
o Education Definition and Objectives
· Design Awareness Program
o Structure Awareness Activities
o Conduct a Needs Assessment
o Develop Strategy
o Establish Priorities
o Level of Complexity
o Funding of Awareness Program
· Develop Awareness Material
o Develop Material
o Select Topics
o Sources of Awareness Material
Day 2
Learning objectives: participants will be able to understand:
· Develop Awareness Material
o Examples of Topics
- Anti-Virus
- Spam
- Data Carriers
- Printing & Faxing
- Local and Remote Access
- Password Compliance
- Email Behavior
- Internet Usage (etc.)
· Implement Awareness Program
o Communicating the Plan
o Techniques for Delivery of Awareness Material
· Post Implementation
o Security Incident Response
o Compliance Monitoring
o Feedback and Evaluation
o Managing Change
o Ongoing Improvement
o Program Success Indicators
· Exam: Certified Information Security Awareness Trainer
Prerequisites
While there are no specific requirements for this course, participants with at least two years of actual experience in securing organizational assets are best suited. This experience may come from a business or IT background, but the candidate is assumed to have knowledge of both environments and to understand the mission of their organization.