
Content Catalog - Living Security


Content Catalog 2021

Table Of Contents

TRAINING SERIES
● SIMON SAYS
● TGIS
● TrueEye
● PHISHING IRL
● BORN SECURE: TRAINING GROUNDS
● The Squad
● BORN SECURE: WEBB OF LIES (coming soon)

TRAINING MODULES

NANO-MODULES (~1min.)
● Whaling
● Policy
● Telework/Remote Work Security
● Don't Reuse Passwords
● Don't Share Passwords
● Password Managers
● Phishing
● Spear-phishing
● Smishing
● Malware
● Mobile Security
● Secure Your Apps
● Device Security
● Internet Of Things
● Insider Threat
● Physical Security
● Tailgating/Piggybacking
● Data Classification
● Data Privacy
● PII
● PHI
● PCI
● HIPAA
● GDPR
● CCPA
● PIPEDA
● Vishing
● Shadow IT
● MFA
● Encryption
● Sales ‘why’
● Marketing ‘why’
● HR ‘why’
● Finance ‘why’
● Exec. Assistant ‘why’
● Service Desk ‘why’
● Customer Support ‘why’
● Vendor/Supply Chain ‘why’


NANO-MODULES Cont. (~1min.)
● Secure Coding - Introduction
● Secure Coding - Authentication and Authorization
● Secure Coding - Injection
● Secure Coding - Least Privilege
● Secure Coding - OWASP introduction
● Secure Coding - Patching
● Secure Coding - Source Code Secrets
● Secure Coding - Static Analysis
● Secure Coding - Threat Modeling
● Secure Coding - Vulnerable Dependencies

MICRO-MODULES (~2-3min.)
● Mobile Security
● Physical Security
● Safety Online
● Travel Secure
● Password Reuse
● Ransomware
● Work From Home (WFH)
● Themed Phishing
● Internet of Things (IoT)
● Cloud Security Threats
● Vendor Email Compromise (VEC)
● Synthetic Identity Theft
● Suspicious Activity Reporting
● Advanced Financial Social Engineering
● Point of Sale (PoS) Security

BIG IDEAS (~3-5min.)
● Privacy
● Passwords
● PII
● General Cybersecurity
● Phishing
● Data Classification
● Privileged Permissions
● Vishing

ROLE-BASED TRAINING
● HR
● Finance
● Priv. User
● Support
● General

SECURITY TRIVIA
● 101
● 102

PHISHING SKILLS
● 101
● 102
● Mobile

THREAT INSIGHT
● 101
● 102

AM I SECURE
● 101
● 102

CULTURE ASSESSMENT

EXECUTIVE TRAINING
● Why Executives are Targeted
● Phishing Skills - BEC
● Understanding the Black Market
● Threat Insight for Executives
● Privacy for Executives
● Travel Secure for Executives

RETENTION QUIZZES
All Major Series

TEAM-BASED TRAINING (CYBERESCAPE ONLINE)
● CRITICAL MASS (GENERAL)
● BORN SECURE (ENTRANCE EXAM - GENERAL)
● BORN SECURE (ENTRANCE EXAM - STORES)


INTEGRATED PUZZLES
● COMPLETE
● UNSCRAMBLE
● VISHING
● HOTSPOT - HOME
● CLASSIFY
● FLAGS
● SCAN
● CAMERA
● PHISHING
● RAW PHISH
● THE SOCIAL
● SOCIAL CONNECTION
● PIKTRHUB
● CRAFT A PHISH V2
● CORKBOARD
● EMOJI PASSPHRASE
● DATING GAME
● VISHING V2
● INCIDENT RESPONSE CYOA
● MALWARE UNSCRAMBLER

Training Series

Simon Says

General Audience | 20:40

DESCRIPTION
Join Atlas and MJ as they track the activities of Simon, an accused murderer, and his identical clone counterpart. Become a part of the story as a remote team agent as you solve puzzles, answer security questions and identify security missteps while you locate the bot and determine who the real killer is.

LEARNING OBJECTIVES
Password Hygiene, Phishing Awareness, Social Media Privacy, Default Credentials, Secure Data Storage, Physical Security, Safety Online, Device Security

INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)

INTEGRATED PUZZLES
● The Social - Use social media for an investigation
● Scan - Determine the default credentials on IoT devices
● Craft a Phish - Determine the best phishing email
● Call to Pass - Use clues from a phone call to determine company credentials

TGIS

General End User | 26:31

DESCRIPTION
Thank Goodness It's Secure is an episodic sitcom set in a local coffee shop, The Ground Truth, and follows the life of new barista, Allie Button, as she learns to take control of her life. The shop's lovable regulars, businessmen, entrepreneurs, jobseekers, keep her preoccupied with no shortage of trials as they grow together to lead more secure lifestyles.

LEARNING OBJECTIVES
Multi-Factor Authentication, Remote Access/Authentication, Mobile Phishing, Incident Reporting, Biometric authentication, Safety Online, Smishing, Healthy Paranoia

INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)


True Eye

General End User | 18:02

DESCRIPTION
True Eye is a Hollywood-style thriller that follows new-hire, Adrian Bridges, through his first day at a global AI-technology firm. Adrian’s policy orientation and security training quickly spin into suspense and intrigue as his personal AI device, Guide, starts asking him to do unethical and even dangerous things with sensitive data. His adventure offers a glimpse into proper operational security, how technology affects people and what we can do about it.

LEARNING OBJECTIVES
Password Hygiene, Secure Data Storage, Phishing Awareness, Physical Security, Social Media Privacy, Safety Online, Device Security, Default Credentials

INTEGRATED TRAINING
● Retention Modules per Episode

INTEGRATED PUZZLES
● Hotspot - Identify the security vulnerabilities
● Classify - Determine the security level of assets
● Vishing - Follow a vishing attack scenario
● Unscramble - Create the sentences that describe cybersecurity best practices

Phishing IRL

General End User, Phishing Remediation Training | 9:08

DESCRIPTION
An engaging, training-driven storyline designed to debunk myths about cyber criminals and better inform end-users about what phishing looks like in real life.

LEARNING OBJECTIVES
Origination of Phishing Emails, Cyber Criminal Organizations, Phishing Email Analysis, Effects of Phishing Emails

INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)

INTEGRATED PUZZLES
● Craft a Phish - Determine the best phishing email
● Spoil The Vish - Stop the vishing attempts
● Flags - Detect the red flags in phishing emails


Born Secure: Training Grounds

General End User | 24:00

DESCRIPTION
This training experience follows Jacob Webb, code-named xGhost, who never considered a life as a cyber-operative until he was hand-picked as a candidate for a government-funded, cyber training Program. The Program is designed to defend critical assets and infrastructure by operating in the shadows and infiltrating the cyber underground. As xGhost and the other candidates enter Phase 3 of their training, their anticipation of real-world operations grows. But the veil of secrecy leads xGhost into doing someone else’s bidding.

LEARNING OBJECTIVES
Phishing, Password hygiene, physical security, attack mapping, asset protection

INTEGRATED TRAINING
Phishing Awareness, Physical Security Vulnerabilities, Attack Mapping, Protecting Assets

INTEGRATED PUZZLES
● Craft a Phish - Experience designing phishing emails
● HotSpot V3 - Identify physical security vulnerabilities
● Corkboard - Understand high level attack strategies

The Squad

General End User | 21:00

DESCRIPTION
It’s the year 2027, and the Squad is on the verge of launching their biggest project to date: taking 7G to the moon! However, just before their big day, the Squad’s biggest rival, Copy Dat, announces they’re doing the same thing! How is this possible?! Did Orson overshare on social media? Did Caleb get phished!? It’s a race against the clock to reclaim the Squad’s beloved project from being defunded, replace the competitor’s project with a better one and restore glory to its rightful place. Squad up! This one’s going to be fun.

LEARNING OBJECTIVES
A comedic, threat-driven storyline designed to immerse viewers in security awareness without it feeling like training. This live-action, 3-part series will drive engagement and comprehension around oversharing, social media and phishing (BEC) better than anything else before it.

INTEGRATED TRAINING
● Oversharing on Social Media
● Privacy settings and cleaning up digital footprint
● Spear-Phishing & Spear-Vishing
● Business Email Compromise (BEC) & Vendor Email Compromise (VEC)
● Incident Response
● Policy & Compliance

Born Secure: Webb of Lies (coming soon)

Training Modules

Nano-modules (all ~1min.)

Whaling
End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES
● Who whaling targets
● What whaling looks like
● The difference between whaling and spear-phishing

Don’t Reuse Passwords
End Users | 1:04 | 3 questions

LEARNING OBJECTIVES
● Learn the risk of reusing passwords
● Learn how to avoid reusing passwords
● Learn the use of password managers

Telework/Remote Work Security
End Users | 1:14 | 3 questions

LEARNING OBJECTIVES
● Learn the risks of remote work
● Learn how VPNs protect you
● Learn how to safely work remotely

Policy
End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES
● Understand the importance of policies
● Understand how policies protect data
● Understand how policies protect you

Don’t Share Passwords
End Users | 57 sec. | 3 questions

LEARNING OBJECTIVES
● Learn how sharing passwords is unsecure
● Learn who you can share passwords with
● Learn how to protect your accounts

Password Managers
End Users | 1:05 | 3 questions

LEARNING OBJECTIVES
● Learn what password managers are
● Understand how password managers work
● Understand how they can protect you

Phishing
End Users | 1:14 | 3 questions

LEARNING OBJECTIVES
● Understand the concept of phishing
● Learn the most common type of phishing
● Learn how to identify phishing attacks


Spear-Phishing
End Users | 1:02 | 3 questions

LEARNING OBJECTIVES
● Understand the concept of spear-phishing
● Learn the difference between spear-phishing and simply phishing
● Learn the tactics behind spear-phishing

Malware
End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES
● Learn the definition of malware
● Understand how to help protect against malware
● Understand the importance of updates

Smishing
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● Understand the concept of smishing
● Understand why smishing is a threat
● Learn how to spot smishing attacks

Secure Your Apps
End Users | 55 sec. | 3 questions

LEARNING OBJECTIVES
● Understand application software dangers
● Learn about where to securely download apps
● Learn how criminals use apps against you

Device Security
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● Understand the physical security threats to our devices
● Learn the importance of securing your devices
● Learn how to properly secure your devices

Internet of Things (IoT)
End Users | 1:03 | 3 questions

LEARNING OBJECTIVES
● Learn what makes up the IoT
● Learn about IoT devices' default credentials and security threats
● Understand how to better protect your IoT devices

Mobile Security
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● Understand why your mobile devices need security
● Learn how to secure your mobile devices
● Learn the security settings that help secure your mobile devices

Insider Threat
End Users | 1:03 | 3 questions

LEARNING OBJECTIVES
● Understand the dangers of an insider threat
● Learn about the prevalence of insider threats
● Understand how you can also be an accidental insider threat


Physical Security
End Users | 1:08 | 3 questions

LEARNING OBJECTIVES
● Learn how physical security is intertwined with cyber security
● Understand how to do your part for physical security
● Learn the importance of verifying before you trust

Tailgating/Piggybacking
End Users | 54 sec. | 3 questions

LEARNING OBJECTIVES
● Explore the threat of tailgating
● Learn the motive behind a tailgating attempt
● Learn how to prevent tailgating

Data Classification
End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES
● Understand the importance of data classification
● Learn the general types of data
● Learn how you can be more conscious of data classification

Data Privacy (new)
End Users | 1:35 | 3 questions

LEARNING OBJECTIVES
● Understand privacy settings and how to set them
● Learn how to identify suspicious apps and agreements before downloading or signing

PII (new)
End Users | 1:41 | 3 questions

LEARNING OBJECTIVES
● Understand the definition of personally identifiable information (PII)
● Learn how to safely share, collect and protect PII

PHI (new)
End Users | 1:49 | 3 questions

LEARNING OBJECTIVES
● Understand the definition of protected health information (PHI)
● Learn how to safely share, collect and protect PHI
● Reporting breaches in a timely manner

PCI (new)
End Users | 1:30 | 3 questions

LEARNING OBJECTIVES
● Understand the definition of payment card industry (PCI) information, terms and regulations
● Learn how to comply with PCI
● Prepare to safely share, collect and protect PCI

HIPAA (new)
End Users | 1:22 | 3 questions

LEARNING OBJECTIVES
● Understand the definition of the Health Insurance Portability and Accountability Act
● Prepare to safely share, collect and protect PHI


Shadow IT (new)
End Users | 1:24 | 3 questions

LEARNING OBJECTIVES
● Understand the danger of downloading apps without approval
● Learn how to request downloads through the proper channels to avoid breach and other forms of loss

MFA (new)
End Users | 1:15 | 3 questions

LEARNING OBJECTIVES
● Understand the meaning and definition behind multi-factor authentication (MFA)
● Discover types of MFA among the three categories (i.e. something you know, something you are and something you have)

Encryption (new)
End Users | 1:13 | 3 questions

LEARNING OBJECTIVES
● Understand encryption at a high level and how it works to hide private information from prying eyes
● Learn about one well-known algorithm known as the ‘Caesar cipher’

Sales ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for sales personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

GDPR (new)
End Users | 1:51 | 3 questions

LEARNING OBJECTIVES
● Understand the meaning and definition of the General Data Protection Regulation (GDPR)
● Learn about ‘cookies’ and web traffic covered by GDPR
● Learn about collecting data, the right to be forgotten and the consequences of non-compliance

PIPEDA (new)
End Users | 1:09 | 3 questions

LEARNING OBJECTIVES
● Understand the meaning and definition of the Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
● Learn how to safely share, collect and protect data under PIPEDA

CCPA (new)
End Users | 1:12 | 3 questions

LEARNING OBJECTIVES
● Understand the meaning and definition of the California Consumer Privacy Act (CCPA)
● Learn how to safely share, collect and protect data under CCPA regulation

Vishing (new)
End Users | 1:33 | 3 questions

LEARNING OBJECTIVES
● Understand the method and motive behind voice-phishing, otherwise known as ‘vishing’
● Learn that it’s OK to hang up and call back a number that is known and trusted


Service Desk ‘why’ (new)
End Users | 55 sec. | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for service desk personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Customer support ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for customer support personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Vendor/Supply Chain ‘why’ (new)
End Users | 1:03 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for vendor and supply chain personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Marketing ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for marketing personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Finance ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for finance personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

HR ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for HR personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Exec. Assistant ‘why’ (new)
End Users | 1:00 | 3 questions

LEARNING OBJECTIVES
● The ‘why’ security matters for executive assistant (EA) personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material


Secure Coding - Introduction (new)
Developers and other Technical Employees | 0:59

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.


Secure Coding - Patching (new)
Developers and other Technical Employees | 1:42 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Source Code (new)
Developers and other Technical Employees | 1:41 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Static Analysis (new)
Developers and other Technical Employees | 1:08 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Authentication and Authorization (new)
Developers and other Technical Employees | 1:34 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Least Privilege (new)
Developers and other Technical Employees | 1:16 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Injection (new)
Developers and other Technical Employees | 1:40 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - OWASP Introduction (new)
Developers and other Technical Employees | 1:18 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.


Secure Coding - Threat Modeling (new)
Developers and other Technical Employees | 1:18 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Secure Coding - Vulnerable Dependencies (new)
Developers and other Technical Employees | 1:20 | 3 questions

LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.

Micro-modules (Case-in-points)

TRAINING STYLE
Because people understand in story and metaphors, Case in Point modules use powerful analogies and narrative interview to educate and encourage users to grasp seemingly inaccessible concepts.

Mobile Security
General End Users | 1:40 | Retention Module

DESCRIPTION
In this module, users will learn about mobile device security, how to discern between legitimate and illegitimate applications and lessons learned from true stories of compromise.

Physical Security
General End Users | 1:37 | Retention Module

DESCRIPTION
In this module, users will learn about best practices for guarding against inside and outside threats to the company and personal property by keeping a clean desk, minimizing tailgating into secure facilities and securely trashing physical material.

Safety Online
General End Users | 1:34 | Retention Module

DESCRIPTION
In this module, users will be exposed to basic domain awareness (HTTP/s and top-level domains) as well as tips for using social media securely and risks of the sharing economy.

Travel Secure
General End Users | 1:42 | Retention Module

DESCRIPTION
In this module, users will learn how to secure and stow devices properly while traveling.

Password Reuse
General End Users | 1:32 | Retention Module

DESCRIPTION
In this module, users will learn about the significant drawbacks of password reuse, the practice of credential stuffing and the necessity to use a password manager.

Ransomware
General End Users | 2:25 | Retention Module

DESCRIPTION
In this module, users will learn about ransomware, backup plans and how to proactively combat malicious software.


Work From Home (WFH)
General End Users | 2:29 | Retention Module

DESCRIPTION
In this module, users will learn how to work securely from home. Play to learn more about VPNs, safety online and remote meetings!

Themed Phishing
General End Users | 2:30 | Retention Module

DESCRIPTION
In this module, users will learn about themed emails that are designed to convince people to take action. Here's how to spot them!

Internet of Things (IoT)
General End Users | 2:39 | Retention Module

DESCRIPTION
In this module, users will learn about internet-connected things, their default settings and how to secure them.

Cloud Security Threats
General End Users | 2:36 | Retention Module

DESCRIPTION
In this module, users will learn to define 'the cloud,' its vital role in storing and transporting data securely and how to protect it.

Vendor Email Compromise (VEC)
General End Users | Retention Module

DESCRIPTION
In this module, users will learn about BEC's cousin, vendor email compromise (VEC), and how to prevent it from impacting their lives, their organizations and the bottom line.

Synthetic Identity Theft
General End Users | 2:37 | Retention Module

DESCRIPTION
In this module, users will learn the value of personal data to a cybercriminal and the reality that partial stolen identification can become full compromise.


Reporting Suspicious Activity
General End Users | 2:52 | Retention Module

DESCRIPTION
In this module, users will learn the importance of reporting suspicious activity and key indicators on when to do it.

Point of Sale (PoS) Security
General End Users | 3:56 | Retention Module

DESCRIPTION
In this module, users will learn the importance of correctly securing PoS locations and the risk associated with failing to do so.

Advanced Financial Social Engineering
General End Users | 3:30 | Retention Module

DESCRIPTION
In this module, users will experience how convincing advanced financial social engineering can be and tactics to avoid becoming a victim of it.

Big Ideas

TRAINING STYLE
An expert-driven conversation, where a single security concept is explained in a progressive manner at three levels of difficulty. It begins with a foundational level to explain a concept accessible to all people. It follows with an intermediate discussion accessible to most people, building upon the foundation laid in the first discussion. It concludes with an advanced discussion between an expert and an active professional to flesh out the concept for more advanced and ambitious learners.

Privacy
General End Users | Retention Module Included

LEARNING OBJECTIVES
Privacy: In this module, users will learn the benefits and drawbacks of technology, including the reality that it is far too easy to overshare online (e.g. geolocation).

Passwords
General End Users | 4:03 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about secure password storage, password management across multiple devices and the risks of auto-filling credentials in web browsers.

PII
General End Users | 3:57 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about personally identifiable information (PII), data protection and why it's important to prevent breach.

General Cybersecurity
General End Users | 3:46 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about basic cybersecurity practices, common violations in the workplace and how to secure their digital lives.

Phishing
General End Users | 3:58 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about phishing, different types of phishing and how to prevent it.


Data Classification
General End Users | 3:59 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about basic distinctions between public and private data, nuances in classification and that data is everyone's responsibility.

Vishing
General End Users | 3:30 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about voice phishing (vishing), a healthy sense of paranoia for combatting scams and red flags to look out for.

Privileged Permissions
General End Users | 4:04 | 10 Retention Module Questions

LEARNING OBJECTIVES
In this module, users will learn about what it means to have privileged access, the difference between 'want to know' and 'need to know' and how privileged users are larger targets for cyber attack.


Role-Based Training (Day in the Life)

HR, Finance, Customer Support, Privileged User, General End User | 1:50 | Retention Module Included

TRAINING STYLE
An antagonist character highlights how poor security behavior and decisions within an office can open up that organization to an increased risk of a security incident.

LEARNING OBJECTIVES
Security trivia designed to help specific roles (see below) understand a typical day-in-the-life in the context of cyber security and risk. Questions measure overall competence and confidence with security lingo related to the given role.

*Each audience type represents its own module

Security Trivia (101, 102)

General End User | LS content catalog contains over 300 questions that can be leveraged in the Security Trivia training module

DESCRIPTION
Multiple choice security trivia centering on the fundamentals!


Phishing Skills (101, 102, Mobile)

General End User, Finance, HR, Customer Support, Privileged User | Up to 20 Questions Per Module

DESCRIPTION
The audience is shown an email and can hover over different sections of it to understand its context and determine whether it is a phishing attack or a legitimate email.

LEARNING OBJECTIVES
Phishing attack indicators, latest phishing threats

Threat Insight (101, 102)

General End User | Up to 10 Questions Per Module

DESCRIPTION
Survey to measure perceived risk perception of cyber threats and perceived susceptibility to phishing scams.

LEARNING OBJECTIVES
This module will give the security awareness program owner insight into the actual perception around risk, threats and decisions of their end users, allowing the owner to make more intelligent decisions in maturing their security awareness program.


Am I Secure? (101, 102)

General End User | Up to 10 Questions Per Module

DESCRIPTION
Survey to measure end user risk at home, work and while traveling.

Culture Assessment
General End User | Up to 10 Questions

DESCRIPTION
Survey to measure perceived cultural dynamics (e.g. process-, compliance-, autonomy- or trust-oriented). Loosely maps to security personality profiling.


Executive Training

Why Executives Are Targeted
Executives | 2:15 | 6 Questions

DESCRIPTION
Security trivia designed to help executives understand their elevated access and influence in safeguarding company resources.

Threat Insights For Executives
Executives | 10 Questions

DESCRIPTION
Survey to measure perceived risk perception of cyber threats and perceived susceptibility of the organization to security breach.

Phishing Skills - BEC
Executives | 11 Questions

DESCRIPTION
An exercise designed to help executives distinguish between Business Email Compromise (BEC) phishing emails and routine email communications given context clues and the importance of reporting suspicious emails to security/helpdesk.

Understanding the Black Market
Executives | 3:11 | 8 Questions

DESCRIPTION
Security trivia designed to help executives understand the dangers of the underground (black) marketplace and its role in the business of cybercrime.

Am I Secure For Executives
Executives | 12 Questions

DESCRIPTION
Survey to measure executive risk in office, at home and while traveling.

Privacy For Executives
Executives | 3:54 | 9 Questions

DESCRIPTION
Security trivia designed to help executives understand privacy implications to their personal and professional lives.

Travel Secure For Executives
Executives | 5:32 | 9 Questions

DESCRIPTION
Security trivia designed to help executives understand elevated risk while traveling.


Team-based Training (Virtual)

CyberEscape Online: Critical Mass

General End Users | 45-60 min.

DESCRIPTION
Suspicious behavior at Gizmo Corp. leads one team of remote investigators on a heart-pounding pursuit of a cybercriminal heist which could leak $millions... You are that team!

LEARNING OBJECTIVES
● Combat Phishing, Spear-phishing, Voice Phishing (Vishing) and SMS-Phishing (Smishing) by identifying red flags that social engineers leave behind
● Secure a WFH Workspace (7 Deadly Sins of Work From Home)
● Learn Proper Data Classification
● Change Default Credentials and Protect IoT Devices
● Discover evidence of Insider Threats & Cyber Criminals
● Learn 10 Fundamentals of Security Awareness

INTEGRATED PUZZLES
● Complete
● Flags
● Classify
● Unscramble
● Hotspot
● Callfire
● Vishing
● Feed

Born Secure: Entrance Exam

General End Users OR Retail Store Employees | 45-60 min.

DESCRIPTION
Jacob Webb has been selected for a top-secret Program that trains new recruits on how to become the world’s best cybersecurity operatives. However, first he must pass a test known by the community as the “Entrance Exam.”

LEARNING OBJECTIVES
● Identifying Suspicious Activity & Physical Security
● Social Engineering & Spear Vishing
● Phishing & Business Email Compromise (BEC)
● Identifying Cyber threats
● Passwords & Passphrases
● Incident Response/Reporting/Escalation
● Attack Mapping & Critical Thinking
● Communication & Ethics

INTEGRATED PUZZLES
● Hotspot
● Vishing
● Craft a Phish
● Dating Game
● Emoji Passphrase
● Re-Order
● Attack Mapping
● Incident Response

Integrated Puzzles (Optional)

Vishing (Critical Mass, Custom)
General End Users | ~3 min.

DESCRIPTION
The idea is for a user to be faced with a choice (choose your own adventure) on how to respond to a simulated, suspicious phone call. Their responses will lead him or her down a decision path resulting in either a pass (successfully deny the attack) or fail (unsuccessfully deny the attack).

LEARNING OBJECTIVES
By selecting the answer most compelling, the user will simulate their responses to voice phishing (vishing) attacks in real life.

Unscramble (Critical Mass, Custom)
General End Users | ~3 min.

DESCRIPTION
The idea is for users to be presented with a scrambled word puzzle challenge that must be unscrambled to reveal a hidden cybersecurity message.

LEARNING OBJECTIVES
Each cybersecurity message is tailor-made to address specific violations the users experience in real life, as well as progress them through the gameplay.

Complete (Critical Mass, Custom)
General End Users | ~3 min.

DESCRIPTION
The idea is for users to find and fill in the redacted information on the arrest warrant to link a cyber criminal with their crimes.

LEARNING OBJECTIVES
By linking an insider threat to their crimes the user will see that insider threats can appear just like you and me! You never know what a person's intentions might be with the company access.

Hotspot (Critical Mass, Entrance Exam - General/Store, Training Grounds)
General End Users | ~3 min.

DESCRIPTION
The idea is to search and secure a physical environment by clicking on a violation to fix it within the allotted time.

LEARNING OBJECTIVES
By identifying security violations in a virtual setting, users will learn to recognize similar violations in real life. They will learn to avoid the ‘7 deadly sins of security awareness’: misinterpreting email legitimacy, reacting impulsively to scams, over-trusting security controls, oversharing on social media, mishandling devices, neglecting suspicious activity and surrendering to security fatigue.

Flags (Critical Mass)
General End Users | ~3 min.

DESCRIPTION: The idea is to examine emails and determine if they are real or phishing by clicking on the areas that the user thinks are suspicious.

LEARNING OBJECTIVES: Learn to recognize phishing identifiers within emails such as: urgency, malicious links, malicious attachments, and spoofing.

Classify (Critical Mass)
General End Users | ~2 min.

DESCRIPTION: The idea is to properly handle a range of different data and material while categorizing it appropriately. The user will either need to swipe left or swipe right to classify the information into buckets, “public” or “private.”

LEARNING OBJECTIVES: By categorizing the information (and learning from any miscategorizations), users will intuitively learn the differences between “internal only,” “confidential,” “private,” “public.”

Scan (Simon Says)
General End Users | ~2 min.

DESCRIPTION: The idea is to use a network device scan to determine which devices are using default credentials. The devices using default credentials are perfect for cyber criminals to take over!

LEARNING OBJECTIVES: Understand the risk of failing to change the default credentials on IoT devices and how vulnerable it leaves you.

Camera (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION: The idea is to determine the default credentials to access a network control webpage and learn what information is considered Personally Identifiable Information (PII).

LEARNING OBJECTIVES: Understand the risk of not changing default credentials, and better understand what information is considered PII.

Phishing (Physical Escape Room)
General End Users | ~3 min.

DESCRIPTION: The idea is for the user to be presented with two emails and decide which one they think is the more believable phishing email.

LEARNING OBJECTIVES: In the process, you will intuitively learn how an attacker exploits your trust so you can develop a sharper sense of defending against them.

Raw Phish (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION: The idea is to select which email log is most likely to be malicious by examining the original message logs.

LEARNING OBJECTIVES: In this process, you will intuitively learn how a security operations team uses the headers in a suspicious email to investigate whether or not the email in question is phishing or spam.

The Social (Simon Says)
General End Users | ~3 min.

DESCRIPTION: The idea is for users to find the location of the target by searching for his location data posted publicly on social media.

LEARNING OBJECTIVES: In addition to learning the mechanisms through which social media tracks people, users will also intuitively learn that their privacy is at risk and that steps to reclaim that privacy include removing location data from sensitive posts online.

Social Connection (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION: The idea is for users to sabotage a person’s social networking account that has been used to spam other accounts on the same networking platform. The goal is to go to a site, use the credentials that have been “saved” by the browser, and delete all connections. The number of connections deleted will be used as a passcode for a larger puzzle.

LEARNING OBJECTIVES: Users will learn that cybercriminals commonly create artificial social media profiles and “friend request” targets to gather more information during their reconnaissance phase. By denying such requests, users will protect sensitive personal and corporate information from unnecessary exposure (e.g. database languages, emails, etc.).

Piktrhub (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION: The idea is for players to navigate to a website that requires them to agree to the terms and conditions displayed. Players are given feedback based on whether they scroll through the terms and conditions prior to accepting them.

LEARNING OBJECTIVES: Users will be reminded of the many accounts they have set up online and the common practice of skipping through the fine print of an end-user license agreement (EULA). By skipping through the fine print, the users will learn that they are ignoring infringements of their privacy.

Craft a Phish V2 (Entrance Exam - General, Born Secure - Store, Training Grounds)
General End Users | ~2 min.

DESCRIPTION: The idea is for users to place themselves inside the mind of a cybercriminal and learn to ‘craft a phishing email’ by using enticing words and imagery.

LEARNING OBJECTIVES: By crafting a phishing email from the perspective of an attacker, users will intuitively learn ways in which people are exploited by trickery and persuasion via email. Phishing can be obvious but it can also look and feel all-too-real. It’s easier to spot a phishing email when you think like an attacker and not like a victim. Examples of phishing indicators include: misspelled web links; unfamiliar file extensions; prompts to allow unusual programs to download.

Corkboard (Entrance Exam, Training Grounds)
General End Users | ~2 min.

DESCRIPTION: The idea is to connect the WHO, WHAT, HOW, and WHY of attacks carried out by cyber criminals to build a picture of the crimes committed.

LEARNING OBJECTIVES: The users will better understand the high-level approach of WHO, WHAT, HOW, and WHY certain cyber crimes occur. This will help users to increase their ability to prevent attacks from being successful or even possible in the first place.

Emoji Passphrase (Entrance Exam)
General End Users | ~1 min.

DESCRIPTION: The idea is to solve the cybersecurity riddles and use the emojipedia to determine the creative passphrases.

LEARNING OBJECTIVES: The users will intuitively learn the importance and strength of using creative passphrases to secure their accounts.

Dating Game (Entrance Exam - General, Entrance Exam - Store, Training Grounds)
General End Users | ~1 min.

DESCRIPTION: The idea is to determine which person has the best cyber hygiene by asking them questions and basing your answer off of their responses.

LEARNING OBJECTIVES: The users will intuitively learn how to improve their cyber hygiene by examining the questions and answers provided by the individuals being examined. It will also help users to better understand the importance of cyber hygiene and that their hygiene affects others as well.

Vishing V2 (Entrance Exam - General, Entrance Exam - Store)
General End Users | ~1 min.

DESCRIPTION: The user will step into the mind of a cybercriminal to carry out a vishing call against Western Marketing to understand how criminals manipulate and lie to steal information from victims.

LEARNING OBJECTIVES: The users will intuitively learn how to identify vishing attacks and defend themselves against them by better understanding the tactics used by cyber criminals.

Incident Response CYOA (Entrance Exam - General, Entrance Exam - Store)
General End Users | ~1 min.

DESCRIPTION: The idea is to take the position of response manager and attempt to correctly respond to the many cyber-related problems that can occur at work as well as mitigate the attacks that weren’t able to be prevented.

LEARNING OBJECTIVES: The users will learn about different cyber-related incidents and how quickly they can pile up. They will also learn how to identify, respond to, and mitigate these incidents.

Malware Unscrambler (Webb of Lies)
General End Users | ~1 min.

DESCRIPTION: The idea is for users to be presented with a malware scrambled word puzzle challenge that must be unscrambled to reveal hidden malware definitions.