Table Of Contents
TRAINING SERIES
● SIMON SAYS
● TGIS
● TrueEye
● PHISHING IRL
● BORN SECURE: TRAINING GROUNDS
● The Squad
● BORN SECURE: WEBB OF LIES (coming soon)
TRAINING MODULES
NANO-MODULES (~1min.)
● Whaling
● Policy
● Telework/Remote Work Security
● Don't Reuse Passwords
● Don't Share Passwords
● Password Managers
● Phishing
● Spear-phishing
● Smishing
● Malware
● Mobile Security
● Secure Your Apps
● Device Security
● Internet Of Things
● Insider Threat
● Physical Security
● Tailgating/Piggybacking
● Data Classification
● Data Privacy
● PII
● PHI
● PCI
● HIPAA
● GDPR
● CCPA
● PIPEDA
● Vishing
● Shadow IT
● MFA
● Encryption
● Sales ‘why’
● Marketing ‘why’
● HR ‘why’
● Finance ‘why’
● Exec. Assistant ‘why’
● Service Desk ‘why’
● Customer Support ‘why’
● Vendor/Supply Chain ‘why’
NANO-MODULES Cont. (~1min.)
● Secure Coding - Introduction
● Secure Coding - Authentication and Authorization
● Secure Coding - Injection
● Secure Coding - Least Privilege
● Secure Coding - OWASP introduction
● Secure Coding - Patching
● Secure Coding - Source Code Secrets
● Secure Coding - Static Analysis
● Secure Coding - Threat Modeling
● Secure Coding - Vulnerable Dependencies
MICRO-MODULES (~2-3min.)
● Mobile Security
● Physical Security
● Safety Online
● Travel Secure
● Password Reuse
● Ransomware
● Work From Home (WFH)
● Themed Phishing
● Internet of Things (IoT)
● Cloud Security Threats
● Vendor Email Compromise (VEC)
● Synthetic Identity Theft
● Suspicious Activity Reporting
● Advanced Financial Social Engineering
● Point of Sale (PoS) Security
BIG IDEAS (~3-5min.)
● Privacy
● Passwords
● PII
● General Cybersecurity
● Phishing
● Data Classification
● Privileged Permissions
● Vishing
ROLE-BASED TRAINING
● HR
● Finance
● Priv. User
● Support
● General
SECURITY TRIVIA
● 101
● 102
PHISHING SKILLS
● 101
● 102
● Mobile
THREAT INSIGHT
● 101
● 102
AM I SECURE
● 101
● 102
CULTURE ASSESSMENT
EXECUTIVE TRAINING
● Why Executives are Targeted
● Phishing Skills - BEC
● Understanding the Black Market
● Threat Insight for Executives
● Privacy for Executives
● Travel Secure for Executives
RETENTION QUIZZES
All Major Series
TEAM-BASED TRAINING
● (CYBERESCAPE ONLINE) CRITICAL MASS (GENERAL)
● BORN SECURE (ENTRANCE EXAM - GENERAL)
● BORN SECURE (ENTRANCE EXAM - STORES)
INTEGRATED PUZZLES
● COMPLETE
● UNSCRAMBLE
● VISHING
● HOTSPOT - HOME
● CLASSIFY
● FLAGS
● SCAN
● CAMERA
● PHISHING
● RAW PHISH
● THE SOCIAL
● SOCIAL CONNECTION
● PIKTRHUB
● CRAFT A PHISH V2
● CORKBOARD
● EMOJI PASSPHRASE
● DATING GAME
● VISHING V2
● INCIDENT RESPONSE CYOA
● MALWARE UNSCRAMBLER
Training Series
Simon Says
General Audience | 20:40
DESCRIPTION
Join Atlas and MJ as they track the activities of Simon, an accused murderer, and his identical clone counterpart. Become a part of the story as a remote team agent as you solve puzzles, answer security questions and identify security missteps while you locate the bot and determine who the real killer is.
LEARNING OBJECTIVES
Password Hygiene, Phishing Awareness, Social Media Privacy, Default Credentials, Secure Data Storage, Physical Security, Safety Online, Device Security
INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)
INTEGRATED PUZZLES
● The Social - Use social media for an investigation
● Scan - Determine the default credentials on IoT devices
● Craft a Phish - Determine the best phishing email
● Call to Pass - Use clues from a phone call to determine company credentials
TGIS
General End User | 26:31
DESCRIPTION
Thank Goodness It's Secure is an episodic sitcom set in a local coffee shop, The Ground Truth, and follows the life of new barista, Allie Button, as she learns to take control of her life. The shop's lovable regulars, businessmen, entrepreneurs, jobseekers, keep her preoccupied with no shortage of trials as they grow together to lead more secure lifestyles.
LEARNING OBJECTIVES
Multi-Factor Authentication, Remote Access/Authentication, Mobile Phishing, Incident Reporting, Biometric authentication, Safety Online, Smishing, Healthy Paranoia
INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)
True Eye
General End User | 18:02
DESCRIPTION
True Eye is a Hollywood-style thriller that follows new-hire, Adrian Bridges, through his first day at a global AI-technology firm. Adrian’s policy orientation and security training quickly spin into suspense and intrigue as his personal AI device, Guide, starts asking him to do unethical and even dangerous things with sensitive data. His adventure offers a glimpse into proper operational security, how technology affects people and what we can do about it.
LEARNING OBJECTIVES
Password Hygiene, Secure Data Storage, Phishing Awareness, Physical Security, Social Media Privacy, Safety Online, Device Security, Default Credentials
INTEGRATED TRAINING
● Retention Modules per Episode
INTEGRATED PUZZLES
● Hotspot - Identify the security vulnerabilities
● Classify - Determine the security level of assets
● Vishing - Follow a vishing attack scenario
● Unscramble - Create the sentences that describe cybersecurity best practices
Phishing IRL
General End User, Phishing Remediation Training | 9:08
DESCRIPTION
An engaging, training-driven storyline designed to debunk myths about cyber criminals and better inform end-users about what phishing looks like in real life.
LEARNING OBJECTIVES
Origination of Phishing Emails, Cyber Criminal Organizations, Phishing Email Analysis, Effects of Phishing Emails
INTEGRATED TRAINING
● Retention Modules per Episode (4)
● Training Modules (4+)
INTEGRATED PUZZLES
● Craft a Phish - Determine the best phishing email
● Spoil The Vish - Stop the vishing attempts
● Flags - Detect the red flags in phishing emails
Born Secure: Training Grounds
General End User | 24:00
DESCRIPTION
This training experience follows Jacob Webb, code-named xGhost, who never considered a life as a cyber-operative until he was hand-picked as a candidate for a government-funded cyber training Program. The Program is designed to defend critical assets and infrastructure by operating in the shadows and infiltrating the cyber underground. As xGhost and the other candidates enter Phase 3 of their training, their anticipation of real-world operations grows. But the veil of secrecy leads xGhost into doing someone else’s bidding.
LEARNING OBJECTIVES
Phishing, Password hygiene, physical security, attack mapping, asset protection
INTEGRATED TRAINING
Phishing Awareness, Physical Security Vulnerabilities, Attack Mapping, Protecting Assets
INTEGRATED PUZZLES
● Craft a Phish - Experience designing phishing emails
● HotSpot V3 - Identify physical security vulnerabilities
● Corkboard - Understand high level attack strategies
Born Secure: Webb of Lies (coming soon)
The Squad
General End User | 21:00
DESCRIPTION
It’s the year 2027, and the Squad is on the verge of launching their biggest project to date: taking 7G to the moon! However, just before their big day, the Squad’s biggest rival, Copy Dat, announces they’re doing the same thing! How is this possible?! Did Orson overshare on social media? Did Caleb get phished!? It’s a race against the clock to reclaim the Squad’s beloved project from being defunded, replace the competitor’s project with a better one and restore glory to its rightful place. Squad up! This one’s going to be fun.
LEARNING OBJECTIVES
A comedic, threat-driven storyline designed to immerse viewers in security awareness without it feeling like training. This live-action, 3-part series will drive engagement and comprehension around oversharing, social media and phishing (BEC) better than anything else before it.
INTEGRATED TRAINING
● Oversharing on Social Media
● Privacy settings and cleaning up digital footprint
● Spear-Phishing & Spear-Vishing
● Business Email Compromise (BEC) & Vendor Email Compromise (VEC)
● Incident Response
● Policy & Compliance
Training Modules
Nano-modules (all ~1min.)
Whaling
End Users | 58 sec. | 3 questions
LEARNING OBJECTIVES
● Who whaling targets
● What whaling looks like
● The difference between whaling and spear-phishing
Don’t Reuse Passwords
End Users | 1:04 | 3 questions
LEARNING OBJECTIVES
● Learn the risk of reusing passwords
● Learn how to avoid reusing passwords
● Learn the use of password managers
Telework/Remote Work Security
End Users | 1:14 | 3 questions
LEARNING OBJECTIVES
● Learn the risks of remote work
● Learn how VPNs protect you
● Learn how to safely work remotely
Policy
End Users | 58 sec. | 3 questions
LEARNING OBJECTIVES
● Understand the importance of policies
● Understand how policies protect data
● Understand how policies protect you
Don’t Share Passwords
End Users | 57 sec. | 3 questions
LEARNING OBJECTIVES
● Learn how sharing passwords is unsecure
● Learn who you can share passwords with
● Learn how to protect your accounts
Password Managers
End Users | 1:05 | 3 questions
LEARNING OBJECTIVES
● Learn what password managers are
● Understand how password managers work
● Understand how they can protect you
Phishing
End Users | 1:14 | 3 questions
LEARNING OBJECTIVES
● Understand the concept of phishing
● Learn the most common type of phishing
● Learn how to identify phishing attacks
Spear-Phishing
End Users | 1:02 | 3 questions
LEARNING OBJECTIVES
● Understand the concept of spear-phishing
● Learn the difference between spear-phishing and simply phishing
● Learn the tactics behind spear-phishing
Malware
End Users | 58 sec. | 3 questions
LEARNING OBJECTIVES
● Learn the definition of malware
● Understand how to help protect against malware
● Understand the importance of updates
Smishing
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● Understand the concept of smishing
● Understand why smishing is a threat
● Learn how to spot smishing attacks
Secure Your Apps
End Users | 55 sec. | 3 questions
LEARNING OBJECTIVES
● Understand application software dangers
● Learn about where to securely download apps
● Learn how criminals use apps against you
Device Security
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● Understand the physical security threats to our devices
● Learn the importance of securing your devices
● Learn how to properly secure your devices
Internet of Things (IoT)
End Users | 1:03 | 3 questions
LEARNING OBJECTIVES
● Learn what makes up the IoT
● Learn about IoT devices' default credentials and security threats
● Understand how to better protect your IoT devices
Mobile Security
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● Understand why your mobile devices need security
● Learn how to secure your mobile devices
● Learn the security settings that help secure your mobile devices
Insider Threat
End Users | 1:03 | 3 questions
LEARNING OBJECTIVES
● Understand the dangers of an insider threat
● Learn about the prevalence of insider threats
● Understand how you can also be an accidental insider threat
Physical Security
End Users | 1:08 | 3 questions
LEARNING OBJECTIVES
● Learn how physical security is intertwined with cyber security
● Understand how to do your part for physical security
● Learn the importance of verifying before you trust
Tailgating/Piggybacking
End Users | 54 sec. | 3 questions
LEARNING OBJECTIVES
● Explore the threat of tailgating
● Learn the motive behind a tailgating attempt
● Learn how to prevent tailgating
Data Classification
End Users | 58 sec. | 3 questions
LEARNING OBJECTIVES
● Understand the importance of data classification
● Learn the general types of data
● Learn how you can be more conscious of data classification
Data Privacy (new)
End Users | 1:35 | 3 questions
LEARNING OBJECTIVES
● Understand privacy settings and how to set them
● Learn how to identify suspicious apps and agreements before downloading or signing
PII (new)
End Users | 1:41 | 3 questions
LEARNING OBJECTIVES
● Understand the definition of personally identifiable information (PII)
● Learn how to safely share, collect and protect PII
PHI (new)
End Users | 1:49 | 3 questions
LEARNING OBJECTIVES
● Understand the definition of protected health information (PHI)
● Learn how to safely share, collect and protect PHI
● Reporting breaches in a timely manner
PCI (new)
End Users | 1:30 | 3 questions
LEARNING OBJECTIVES
● Understand the definition of payment card industry (PCI) information, terms and regulations
● Learn how to comply with PCI
● Prepare to safely share, collect and protect PCI
HIPAA (new)
End Users | 1:22 | 3 questions
LEARNING OBJECTIVES
● Understand the definition of the Health Insurance Portability and Accountability Act
● Prepare to safely share, collect and protect PHI
Shadow IT (new)
End Users | 1:24 | 3 questions
LEARNING OBJECTIVES
● Understand the danger of downloading apps without approval
● Learn how to request downloads through the proper channels to avoid breach and other forms of loss
MFA (new)
End Users | 1:15 | 3 questions
LEARNING OBJECTIVES
● Understand the meaning and definition behind multi-factor authentication (MFA)
● Discover types of MFA among the three categories (i.e. something you know, something you are and something you have)
Encryption (new)
End Users | 1:13 | 3 questions
LEARNING OBJECTIVES
● Understand encryption at a high level and how it works to hide private information from prying eyes
● Learn about one well-known algorithm, the ‘Caesar cipher’
Sales ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for sales personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
GDPR (new)
End Users | 1:51 | 3 questions
LEARNING OBJECTIVES
● Understand the meaning and definition of the General Data Protection Regulation (GDPR)
● Learn about ‘cookies’ and web traffic covered by GDPR
● Learn about collecting data, the right to be forgotten and the consequences of non-compliance
PIPEDA (new)
End Users | 1:09 | 3 questions
LEARNING OBJECTIVES
● Understand the meaning and definition of the Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
● Learn how to safely share, collect and protect data under PIPEDA
CCPA (new)
End Users | 1:12 | 3 questions
LEARNING OBJECTIVES
● Understand the meaning and definition of the California Consumer Privacy Act (CCPA)
● Learn how to safely share, collect and protect data under CCPA regulation
Vishing (new)
End Users | 1:33 | 3 questions
LEARNING OBJECTIVES
● Understand the method and motive behind voice-phishing, otherwise known as ‘vishing’
● Learn that it’s OK to hang up and call back a number that is known and trusted
Service Desk ‘why’ (new)
End Users | 55 sec. | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for service desk personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Customer support ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for customer support personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Vendor/Supply Chain ‘why’ (new)
End Users | 1:03 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for vendor and supply chain personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Marketing ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for marketing personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Finance ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for finance personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
HR ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for HR personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Exec. Assistant ‘why’ (new)
End Users | 1:00 | 3 questions
LEARNING OBJECTIVES
● The ‘why’ security matters for executive assistant (EA) personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material
Secure Coding - Introduction (new)
Developers and other Technical Employees | 0:59
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Patching (new)
Developers and other Technical Employees | 1:42 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Source Code (new)
Developers and other Technical Employees | 1:41 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Static Analysis (new)
Developers and other Technical Employees | 1:08 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Authentication and Authorization (new)
Developers and other Technical Employees | 1:34 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Least Privilege (new)
Developers and other Technical Employees | 1:16 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Injection (new)
Developers and other Technical Employees | 1:40 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - OWASP Introduction (new)
Developers and other Technical Employees | 1:18 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Threat Modeling (new)
Developers and other Technical Employees | 1:18 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Secure Coding - Vulnerable Dependencies (new)
Developers and other Technical Employees | 1:20 | 3 questions
LEARNING OBJECTIVES
● Technical training, including secure coding training for their development teams.
Micro-modules (Case-in-points)
TRAINING STYLE
Because people understand through story and metaphor, Case in Point modules use powerful analogies and narrative interviews to educate users and encourage them to grasp seemingly inaccessible concepts.
Mobile Security
General End Users | 1:40 | Retention Module
DESCRIPTION
In this module, users will learn about mobile device security, how to discern between legitimate and illegitimate applications and lessons learned from true stories of compromise.
Physical Security
General End Users | 1:37 | Retention Module
DESCRIPTION
In this module, users will learn about best practices for guarding against inside and outside threats to the company and personal property by keeping a clean desk, minimizing tailgating into secure facilities and securely trashing physical material.
Safety Online
General End Users | 1:34 | Retention Module
DESCRIPTION
In this module, users will be exposed to basic domain awareness (HTTP/s and top-level domains) as well as tips for using social media securely and risks of the sharing economy.
Travel Secure
General End Users | 1:42 | Retention Module
DESCRIPTION
In this module, users will learn how to secure and stow devices properly while traveling.
Password Reuse
General End Users | 1:32 | Retention Module
DESCRIPTION
In this module, users will learn about the significant drawbacks of password reuse, the practice of credential stuffing and the necessity to use a password manager.
Ransomware
General End Users | 2:25 | Retention Module
DESCRIPTION
In this module, users will learn about ransomware, backup plans and how to proactively combat malicious software.
Work From Home (WFH)
General End Users | 2:29 | Retention Module
DESCRIPTION
In this module, users will learn how to work securely from home. Play to learn more about VPNs, safety online and remote meetings!
Themed Phishing
General End Users | 2:30 | Retention Module
DESCRIPTION
In this module, users will learn about themed emails that are designed to convince people to take action. Here's how to spot them!
Internet of Things (IoT)
General End Users | 2:39 | Retention Module
DESCRIPTION
In this module, users will learn about internet-connected things, their default settings and how to secure them.
Cloud Security Threats
General End Users | 2:36 | Retention Module
DESCRIPTION
In this module, users will learn to define 'the cloud,' its vital role in storing and transporting data securely and how to protect it.
Vendor Email Compromise (VEC)
General End Users | Retention Module
DESCRIPTION
In this module, users will learn about BEC's cousin, vendor email compromise (VEC), and how to prevent it from impacting their lives, their organizations and the bottom line.
Synthetic Identity Theft
General End Users | 2:37 | Retention Module
DESCRIPTION
In this module, users will learn the value of personal data to a cybercriminal and the reality that partial stolen identification can become full compromise.
Reporting Suspicious Activity
General End Users | 2:52 | Retention Module
DESCRIPTION
In this module, users will learn the importance of reporting suspicious activity and key indicators on when to do it.
Point of Sale (PoS) Security
General End Users | 3:56 | Retention Module
DESCRIPTION
In this module, users will learn the importance of correctly securing PoS locations and the risk associated with failing to do so.
Advanced Financial Social Engineering
General End Users | 3:30 | Retention Module
DESCRIPTION
In this module, users will experience how convincing advanced financial social engineering can be and tactics to avoid becoming a victim of it.
Big Ideas
TRAINING STYLE
An expert-driven conversation, where a single security concept is explained in a progressive manner at three levels of difficulty. It begins with a foundational level to explain a concept accessible to all people. It follows with an intermediate discussion accessible to most people, building upon the foundation laid in the first discussion. It concludes with an advanced discussion between an expert and an active professional to flesh out the concept for more advanced and ambitious learners.
Privacy
General End Users | Retention Module Included
LEARNING OBJECTIVES
Privacy: In this module, users will learn the benefits and drawbacks of technology, including the reality that it is far too easy to overshare online (e.g. geolocation).
Passwords
General End Users | 4:03 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about secure password storage, password management across multiple devices and the risks of auto-filling credentials in web browsers.
PII
General End Users | 3:57 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about personally identifiable information (PII), data protection and why it's important to prevent breach.
General Cybersecurity
General End Users | 3:46 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about basic cybersecurity practices, common violations in the workplace and how to secure their digital lives.
Phishing
General End Users | 3:58 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about phishing, different types of phishing and how to protect against it.
Data Classification
General End Users | 3:59 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about basic distinctions between public and private data, nuances in classification and that data is everyone's responsibility.
Vishing
General End Users | 3:30 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about voice phishing (vishing), a healthy sense of paranoia for combatting scams and red flags to look out for.
Privileged Permissions
General End Users | 4:04 | 10 Retention Module Questions
LEARNING OBJECTIVES
In this module, users will learn about what it means to have privileged access, the difference between 'want to know' and 'need to know' and how privileged users are larger targets for cyber attack.
Role-Based Training (Day in the Life)
HR, Finance, Customer Support, Privileged User, General End User | 1:50 | Retention Module Included
TRAINING STYLE
An antagonist character highlights how poor security behavior and decisions within an office can open up that organization to an increased risk of a security incident.
LEARNING OBJECTIVES
Security trivia designed to help specific roles (see below) understand a typical day-in-the-life in the context of cyber security and risk. Questions measure overall competence and confidence with security lingo related to the given role.
*Each audience type represents its own module
Security Trivia (101, 102)
General End User | LS content catalog contains over 300 questions that can be leveraged in the Security Trivia training module
DESCRIPTION
Multiple choice security trivia centering on the fundamentals!
Phishing Skills (101, 102, Mobile)
General End User, Finance, HR, Customer Support, Privileged User | Up to 20 Questions Per Module
DESCRIPTION
The audience is shown an email and can hover over different sections of it to understand its context and determine whether it is a phishing attack or a legitimate email.
LEARNING OBJECTIVES
Phishing attack indicators, latest phishing threats
Threat Insight (101, 102)
General End User | Up to 10 Questions Per Module
DESCRIPTION
Survey to measure risk perception of cyber threats and perceived susceptibility to phishing scams.
LEARNING OBJECTIVES
This module will give the security awareness program owner insight into their end users' actual perception of risk, threats and decisions, allowing the owner to make more intelligent decisions in maturing their security awareness program.
Am I Secure? (101, 102)
General End User | Up to 10 Questions Per Module
DESCRIPTION
Survey to measure end user risk at home, work and while traveling.
Culture Assessment
General End User | Up to 10 Questions
DESCRIPTION
Survey to measure perceived cultural dynamics (e.g. process-, compliance-, autonomy- or trust-oriented). Loosely maps to security personality profiling.
Executive Training
Why Executives Are Targeted
Executives | 2:15 | 6 Questions
DESCRIPTION
Security trivia designed to help executives understand their elevated access and influence in safeguarding company resources.
Threat Insights For Executives
Executives | 10 Questions
DESCRIPTION
Survey to measure risk perception of cyber threats and perceived susceptibility of the organization to security breach.
Phishing Skills - BEC
Executives | 11 Questions
DESCRIPTION
An exercise designed to help executives distinguish between Business Email Compromise (BEC) phishing emails and routine email communications given context clues, and to understand the importance of reporting suspicious emails to security/helpdesk.
Understanding the Black Market
Executives | 3:11 | 8 Questions
DESCRIPTION
Security trivia designed to help executives understand the dangers of the underground (black) marketplace and its role in the business of cybercrime.
Am I Secure For Executives
Executives | 12 Questions
DESCRIPTION
Survey to measure executive risk in office, at home and while traveling.
Privacy For Executives
Executives | 3:54 | 9 Questions
DESCRIPTION
Security trivia designed to help executives understand privacy implications to their personal and professional lives.
Travel Secure For Executives
Executives | 5:32 | 9 Questions
DESCRIPTION
Security trivia designed to help executives understand elevated risk while traveling.
Team-based Training (Virtual)
CyberEscape Online: Critical Mass
General End Users | 45-60 min.
DESCRIPTION
Suspicious behavior at Gizmo Corp. leads one team of remote investigators on a heart-pounding pursuit of a cybercriminal heist which could leak $millions... You are that team!
LEARNING OBJECTIVES
● Combat Phishing, Spear-phishing, Voice Phishing (Vishing) and SMS-Phishing (Smishing) by identifying red flags that social engineers leave behind
● Secure a WFH Workspace (7 Deadly Sins of Work From Home)
● Learn Proper Data Classification
● Change Default Credentials and Protect IoT Devices
● Discover evidence of Insider Threats & Cyber Criminals
● Learn 10 Fundamentals of Security Awareness
INTEGRATED PUZZLES
● Complete
● Flags
● Classify
● Unscramble
● Hotspot
● Callfire
● Vishing
● Feed
Born Secure: Entrance Exam
General End Users OR Retail Store Employees | 45-60 min.
DESCRIPTION
Jacob Webb has been selected for a top-secret Program that trains new recruits on how to become the world’s best cybersecurity operatives. However, first he must pass a test known by the community as the “Entrance Exam.”
LEARNING OBJECTIVES
● Identifying Suspicious Activity & Physical Security
● Social Engineering & Spear Vishing
● Phishing & Business Email Compromise (BEC)
● Identifying Cyber threats
● Passwords & Passphrases
● Incident Response/Reporting/Escalation
● Attack Mapping & Critical Thinking
● Communication & Ethics
INTEGRATED PUZZLES
● Hotspot
● Vishing
● Craft a Phish
● Dating Game
● Emoji Passphrase
● Re-Order
● Attack Mapping
● Incident Response
Integrated Puzzles (Optional)
Vishing (Critical Mass, Custom)
General End Users | ~3 min.
DESCRIPTION
The idea is for a user to be faced with a choice (choose your own adventure) on how to respond to a simulated, suspicious phone call. Their responses will lead them down a decision path resulting in either a pass (successfully deny the attack) or fail (unsuccessfully deny the attack).
LEARNING OBJECTIVES
By selecting the most compelling answer, the user will simulate their responses to voice phishing (vishing) attacks in real life.
Unscramble (Critical Mass, Custom)
General End Users | ~3 min.
DESCRIPTION
The idea is for users to be presented with a scrambled word puzzle challenge that must be unscrambled to reveal a hidden cybersecurity message.
LEARNING OBJECTIVES
Each cybersecurity message is tailor-made to address specific violations the users experience in real life, as well as progress them through the gameplay.
Complete (Critical Mass, Custom)
General End Users | ~3 min.
DESCRIPTION
The idea is for users to find and fill in the redacted information on the arrest warrant to link a cyber criminal with their crimes.
LEARNING OBJECTIVES
By linking an insider threat to their crimes the user will see that insider threats can appear just like you and me! You never know what a person's intentions might be with the company access.
Hotspot (Critical Mass, Entrance Exam - General/Store, Training Grounds)
General End Users | ~3 min.
DESCRIPTION
The idea is to search and secure a physical environment by clicking on a violation to fix it within the allotted time.
LEARNING OBJECTIVES
By identifying security violations in a virtual setting, users will learn to recognize similar violations in real life. They will learn to avoid the ‘7 deadly sins of security awareness’: misinterpreting email legitimacy, reacting impulsively to scams, over-trusting security controls, oversharing on social media, mishandling devices, neglecting suspicious activity and surrendering to security fatigue.
Flags (Critical Mass)
General End Users | ~3 min.
DESCRIPTION
The idea is to examine emails and determine if they are real or phishing by clicking on the areas that the user thinks are suspicious.
LEARNING OBJECTIVES
Learn to recognize phishing identifiers within emails such as: urgency, malicious links, malicious attachments, and spoofing.
Classify (Critical Mass)
General End Users | ~2 min.
DESCRIPTION
The idea is to properly handle a range of different data and material while categorizing it appropriately. The user will either need to swipe left or swipe right to classify the information into buckets, “public” or “private.”
LEARNING OBJECTIVES
By categorizing the information (and learning from any miscategorizations), users will intuitively learn the differences between “internal only,” “confidential,” “private,” “public.”
Scan (Simon Says)
General End Users | ~2 min.
DESCRIPTION
The idea is to use a network device scan to determine which devices are using default credentials. The devices using default credentials are perfect for cyber criminals to take over!
LEARNING OBJECTIVES
Understand the risk of failing to change the default credentials on IoT devices and how vulnerable it leaves you.
Camera (Physical Escape Room)
General End Users | ~2 min.
DESCRIPTION
The idea is to determine the default credentials to access a network control webpage and learn what information is considered Personally Identifiable Information (PII).
LEARNING OBJECTIVES
Understand the risk of not changing default credentials, and better understand what information is considered PII.
Phishing (Physical Escape Room) | General End Users | ~3 min.
DESCRIPTION: The idea is for the user to be presented with two emails and decide which one they think is the more believable phishing email.
LEARNING OBJECTIVES: In the process, you will intuitively learn how an attacker exploits your trust so you can develop a sharper sense of defending against them.
Raw Phish (Physical Escape Room) | General End Users | ~2 min.
DESCRIPTION: The idea is to select which email log is most likely to be malicious by examining the original message logs.
LEARNING OBJECTIVES: In this process, you will intuitively learn how a security operations team uses the headers in a suspicious email to investigate whether or not the email in question is phishing or spam.
The Social (Simon Says) | General End Users | ~3 min.
DESCRIPTION: The idea is for users to find the location of the target by searching for his location data posted publicly on social media.
LEARNING OBJECTIVES: In addition to learning the mechanisms through which social media tracks people, users will also intuitively learn that their privacy is at risk and that steps to reclaim that privacy include removing location data from sensitive posts online.
Social Connection (Physical Escape Room) | General End Users | ~2 min.
DESCRIPTION: The idea is for users to sabotage a person’s social networking account that has been used to spam other accounts on the same networking platform. The goal is to go to a site, use the credentials that have been “saved” by the browser, and delete all connections. The number of connections deleted will be used as a passcode for a larger puzzle.
LEARNING OBJECTIVES: Users will learn that cybercriminals commonly create artificial social media profiles and “friend request” targets to gather more information during their reconnaissance phase. By denying such requests, users will protect sensitive personal and corporate information from unnecessary exposure (e.g. database languages, emails, etc.).
Piktrhub (Physical Escape Room) | General End Users | ~2 min.
DESCRIPTION: The idea is for players to navigate to a website that requires them to agree to the terms and conditions displayed. Players are given feedback based on whether they scroll through the terms and conditions prior to accepting them.
LEARNING OBJECTIVES: Users will be reminded of the many accounts they have set up online and the common practice of skipping through the fine print of an end-user license agreement (EULA). By skipping through the fine print, the users will learn that they are ignoring infringements of their privacy.
Craft a Phish V2 (Entrance Exam - General, Born Secure - Store, Training Grounds) | General End Users | ~2 min.
DESCRIPTION: The idea is for users to place themselves inside the mind of a cybercriminal and learn to ‘craft a phishing email’ by using enticing words and imagery.
LEARNING OBJECTIVES: By crafting a phishing email from the perspective of an attacker, users will intuitively learn ways in which people are exploited by trickery and persuasion via email. Phishing can be obvious, but it can also look and feel all-too-real. It’s easier to spot a phishing email when you think like an attacker and not like a victim. Examples of phishing indicators include: misspelled web links; unfamiliar file extensions; prompts to allow unusual programs to download.
Corkboard (Entrance Exam, Training Grounds) | General End Users | ~2 min.
DESCRIPTION: The idea is to connect the WHO, WHAT, HOW, and WHY of attacks carried out by cyber criminals to build a picture of the crimes committed.
LEARNING OBJECTIVES: The users will better understand the high-level approach of WHO, WHAT, HOW, and WHY certain cyber crimes occur. This will help users to increase their ability to prevent attacks from being successful or even possible in the first place.
Emoji Passphrase (Entrance Exam) | General End Users | ~1 min.
DESCRIPTION: The idea is to solve the cybersecurity riddles and use the emojipedia to determine the creative passphrases.
LEARNING OBJECTIVES: The users will intuitively learn the importance and strength of using creative passphrases to secure their accounts.
Dating Game (Entrance Exam - General, Entrance Exam - Store, Training Grounds) | General End Users | ~1 min.
DESCRIPTION: The idea is to determine which person has the best cyber hygiene by asking them questions and basing your answer on their responses.
LEARNING OBJECTIVES: The users will intuitively learn how to improve their cyber hygiene by examining the questions and answers provided by the individuals being examined. It will also help users to better understand the importance of cyber hygiene and that their hygiene affects others as well.
Vishing V2 (Entrance Exam - General, Entrance Exam - Store) | General End Users | ~1 min.
DESCRIPTION: The user will step into the mind of a cybercriminal to carry out a vishing call against Western Marketing to understand how criminals manipulate and lie to steal information from victims.
LEARNING OBJECTIVES: The users will intuitively learn how to identify vishing attacks and defend themselves against them by better understanding the tactics used by cyber criminals.
Incident Response CYOA (Entrance Exam - General, Entrance Exam - Store) | General End Users | ~1 min.
DESCRIPTION: The idea is to take the position of response manager and attempt to correctly respond to the many cyber-related problems that can occur at work, as well as mitigate the attacks that could not be prevented.
LEARNING OBJECTIVES: The users will learn about different cyber-related incidents and how quickly they can pile up. They will also learn how to identify, respond to, and mitigate these incidents.
Malware Unscrambler (Webb of Lies) | General End Users | ~1 min.
DESCRIPTION: The idea is for users to be presented with a malware scrambled word puzzle challenge that must be unscrambled to reveal hidden malware definitions.