IT Security
This course is aimed at staff up to manager level. No specific technical knowledge is assumed, but attendees should have a basic knowledge of computers and of using the World Wide Web.
Aim
To enable non-IT staff to appreciate the roles and requirements of the IT systems they interact with, to appreciate the risks to the organisation’s systems and those of its customers, and to understand how and why attacks are carried out and how to mitigate them.
Day 1 Internal Threats and their mitigation
- Introduction to IT systems, technologies and how they fit together (from the mainframe to the smart card and mobile phone via the desktop)
- Basic business operations risks, differences between disaster recovery and business continuity
- List the legal requirements of recruiting staff
Day 2 Internal Threats (continued)
- Fraud in an IT context – introduction (who, why, how)
- Case study
- Auditing in an IT context
- Staff fraud within IT systems, detection and mitigation
- Customer fraud via IT systems such as online banking
Day 3 Threat Mitigation
- The importance of authentication and encryption
- Types of authentication and encryption systems used
- Introduction to social engineering (refresher and in an IT context)
External Threats - Direct threats
- Social engineering attacks (attacking systems through staff and what staff do)
- Hackers, crackers, script kiddies and links to organised crime
Day 4 External Threats – Indirect threats
- Threats to customers: social engineering, scams, phishing emails, keylogging, browser hijacking (what to watch for and ways to assist those who have been affected)
- Mitigation against external threats (what IT will be doing, how you can help)
- Case study of an external threat
External Threats - Direct threats
- Social engineering attacks (attacking systems through staff and what staff do)
- Hackers, crackers, script kiddies and links to organised crime
Day 5 Appropriate Responses
- Internal reporting procedure
- Laws and regulations
- Appropriate authorities and their roles