Security training for a client
Master Of Puppets
Member Posts: 1,210
We are doing a security audit/pen test for a client right now. As the security guy I am heavily engaged in the process. At a later point, I am going to have to hold a training session for the employees on security. Is there a standard or any guidelines for this type of stuff? I am aware of some pretty cool standards for the technical side but I've never really heard of anything like that on educating users. I have a rough idea of what it should consist of but I really want to do a good job so if you guys know of a framework I can follow when piecing this together, that would be great.
I'm thinking of doing a cool PowerPoint presentation and getting them in a room to talk about not clicking on pdf.exe files, etc. It is my understanding that this is how people usually do it?
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
Comments
colemic
Member Posts: 1,569
https://www.infragardawareness.com/ Infragard has a free awareness course...
Working on: staying alive and staying employed
colemic
Member Posts: 1,569
Others I found, don't know how good they are but could be helpful:
Free Security Awareness Training Samples - Videos - Posters
Free Cyber Security Training Resources
Cybersecurity Education, Training and Awareness Online Training Catalog - didn't know DISA made these available to the public
Penn Information Security: Free Presentations for Computer Security Awareness & Training (CSAT)
Working on: staying alive and staying employed
LionelTeo
Member Posts: 526
From experience, the first thing I would want to say is: know your audience and cater something useful for them. Security is pretty huge. If they are system administrators, then cover what you think is useful for system admins (what are the things to look out for when securing). If they are regular employees, then cover what you think is useful for regular employees (social engineering/viruses, what to do in the event of being infected). The same would go for web developers (XSS, SQL injection) or management (risk, policy, procedures, IH processes).
If pentesting is involved, and your management would want you to show how you penetrated in, consider GUI options to replicate what you did, like Armitage and W3F, and walk them through the process using GUI-style clicking. The last thing you would want to get is the response of "yeah, only a skilled attacker can do that". It would be useful to show them the seriousness that someone could replicate the same thing just by clicking, and also it is clearer than running the command line.
Master Of Puppets
Member Posts: 1,210
Thanks for the helpful input guys.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
NightShade03
Member Posts: 1,383
Just look for "security awareness training" on Google. This is a standard course offered by every security shop under the sun. Most of the time you can forklift the topics and high-level details off of the website and roll your own (which is how most of them do it).