One of the greatest threats to information security could actually come from within your company or organization. Inside ‘attacks’ have been noted to be some of the most dangerous since it comes from the inside. It is not always the employee’s intention to cause the threat. It is often a result of uninformed, uneducated employee
For example, uninformed users can do harm to your network by visiting websites infected with malware, responding to phishing e-mails, storing their login information in an unsecured location, or even giving out sensitive information over the phone when exposed to social engineering. One of the best ways to make sure company employees will not make costly errors in regard to information security is to educate them about company’s security policy, procedure and best practices in order to keep users business and personal information safe.
FIS L0: Information Security (Awareness Program/Campaign)
The Security Awareness Campaign is designed to address important information security challenges facing the organization, by providing Information Security Awareness training in the form of formal classes, as well as Computer Based Training through different forms of media, such as publications, videos, audio/podcasts, games, and cartoons for the Media Library. All of which will be implemented on the Learning Management System. Our way of implementing awareness campaigns starts from conducting a gap assessment to understand the level of security awareness in the organization in order to tailor-made a campaign that suit the nature and level of the organization. This is includes site interviews, Physical assessment, social engineering and other assessment tools when required. Those challenges are primarily concerned with planning and implementation of information security awareness program that adheres to ISO 27001 requirements, Information Security best practices and consistent with the organization’s risk management
FIS L1: Information Security (Fundamental Practitioner Technique)
This program is designed for those working within the field of IT/IS, it is vital to get a complete understanding of the technical aspects of Information Security, including the essential and updated knowledge required to secure and Information System. The “Information Security Practitioners Techniques” course offers a more practical and hands-on approach besides the theoretical study of Information Security.
Professional Certifications in Affiliation with Carnegie Mellon University / SEI.
Information Security for Technical Staff (ISTS) - 5 day Course
This course is designed to provide participants with practical techniques for protecting the security of an organization’s information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention.
Fundamentals of Incident Handling (FIH) - 5 day course
This course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work.