Embed Size (px)
Citation preview
Layer 8 Toolkit™ - Datasheet
That Security Thing™ – for your employees
That Security Thing™ is the area where your employees go to read, listen and test their security knowledge. Aligned to ISO27001 and PCI-DSS, its monthly themed content explores topics such as:
BYOD
insider threat
social engineering
data breaches
personal responsibility
privacy and ID theft
cloud computing
cyber crime
social media and apps
travel security
And continually provides advice on control objectives such as:
working remotely
mobile devices
obtaining advice and reporting
passwords
protecting against social engineering attacks
secure browsing
phishing, spear phishing, email spoofing
unauthorised access
malicious software – viruses, spyware, adware, etc
in person, physical attempts to gain unauthorised access to workplace facilities
physical security
the impact of a data breach
the organisation’s Security Awareness Policy
secure e-mail practices
instant messaging
use of wireless hotspots
©
The Layer 8 Toolkit™ is a unique security training package. It is housed on a web-based portal, providing access for every one of your employees in and out of the office. It is designed to raise awareness of security across your organisation and
stimulate positive behavioural change.
A new edition is available every month, and each one covers a different security topic, ensuring your employees are kept up to date with the latest risks and threats.
The Layer 8 Toolkit™ is training that doesn’t feel like training, presented in an original format with content which encourages personal responsibility, generates conversations and motivates best practice. For the security chief, it provides support in terms of information management, and guidance to measure change and develop the security
culture of your organisation.
Layer 8 Toolkit™ - Datasheet
The content is unique in its delivery because:
It engages people with lively, fun and amusing elements in written and audio forms.
It provokes thought, with interesting articles of personal relevance, scenarios that ‘involve’ the user and by posing questions with no easy answer.
It generates conversations by offering activities that get people talking, by encouraging teamwork, by keeping security on everyone’s agenda every day.
Information is retained because it uses stories, dramatic scenarios and analogies that make it accessible and which have emotional triggers to help messages stick.
Layer 8 Toolkit™ – Datasheet
www.layer8ltd.co.uk
The content within That Security Thing™ arrives in a number of different formats, so people have the choice about how they learn
The Newsletter
Each month there will be 7 articles on the edition’s particular topic:
A Welcome: an introduction to the topic of the edition, highlighting its relevance to the reader and their organisation.
An overview: an article taking an angle on the topic and presenting a case for best practice.
A thought piece: opening up a security theme underlying the topic, to do with an aspect of culture, psychology or behaviour.
‘The Problem Page’: a scenario inviting the user to step into the shoes of someone facing a security problem and help them find an answer.
‘Harry the Hacker’: an amusing dramatic monologue, looking at the topic from the perspective of a data thief.
‘It’s a bit like...’: uses an interesting analogy to help readers better understand the topic and see security in more interesting ways.
‘Quick Wins for Busy People’: If you do nothing else this month, do these three simple things. The Audio
The Talking Security podcast: a lively round-table discussion on the monthly theme.
Plus, some items of the newsletter have an audio version for people to stream.
Layer 8 Toolkit™ – Datasheet
www.layer8ltd.co.uk
The Daily Doos
Every day your employees receive a 1-minute ‘doo’,
including factoids, tasks and tips to improve their security behaviour.
What Would You Do?
A monthly compliance test with a difference.
Using scenarios that discover what people are actually doing, as opposed to what they think they should do.
Providing security chiefs with measurable information about awareness and behaviour.
Gaming
There’s also a gaming feature to add some fun, where engagement means points and rewards.
Layer 8 Toolkit™ – Datasheet
www.layer8ltd.co.uk
The Layer 8 Toolkit™ – for the Security Team Culture change is specialised and requires sustained action on a number of fronts. As an ‘extra member of your team’, Layer 8 is here to support you on this journey. On your area of the site, you have access to 6 areas:
Leadership Pack: Each month you’ll receive a number of items designed to help you make the most of the Toolkit and effect cultural and behavioural change across your organisation. There will be information, ideas, activities and resources about your role as leader, training your employees and making the business case for security – and getting your voice heard.
Metrics Pack: A comprehensive means to track and record how employees are engaging, how many have accessed That Security Thing, how they are answering ‘What Would You Do?’ etc.
Portal Pack: Giving you easy access to That Security Thing.
Engagement Pack: A survey to gauge culture change, sent out bi-annually, and measuring awareness, behaviour and values. You have access to the metrics to compare results over time and see improvements.
Management Area: Where you can manage your staff list.
Layer 8 Live: Where you’ll be informed about upcoming events and you can keep track of them, with opportunities for additional face-to-face training etc.
Layer 8 Toolkit™ – Datasheet
www.layer8ltd.co.uk
Layer 8 Toolkit™ – Datasheet
www.layer8ltd.co.uk
“Working with © Dramatic Developments has enabled me to make the
seemingly impossible, possible.
When we discussed building a security team of 25,000 employees I
couldn’t imagine how this could be achieved without spending a lot of
money.
© Dramatic Developments have shown me this is possible and
provided the framework and support in which to achieve this.”
Accessibility
Content is delivered through the browser.
Portal will be fully accessible to mobile and fixed devices.
Size available for phone / phablet, tablet and desktop.
Each end customer organisation will have their own unique URL (eg https://somedomain.com/EC06D886-4E39-46C4-92E8-652997D6163B).This will be used to distribute within their organisation. From this, users will be able to self-register.
Each user within an end customer will have their own unique URL. When they register, they will be sent this via email and access to their area will be through this URL along with the email address. There will be no need for a password – reducing the barriers to access.
Access to the Management Area is protected with a password.
The Portal is encrypted with SSL 2048 bit cipher technology.
Data
In customer setup screens, it will be possible to define organisational structures (departments, business units) using custom fields. This will enable reporting of statistics at organisational unit level. Users will identify where they belong as part of their sign up process.
Security
The codes are generated at a rate of 10,000 per second and are unique to the hardware that the application is hosted on. The code is not sequential and consists of 20 random alpha-numerics. You cannot just change 1 character and access another account. All 20 characters are different and this is even more secure in that the company also has this code and the user has to present both. If the company code is not correct for the user then access is denied.
Management
A user can have their link resent to them should they lose it. This process is user managed and requires no support function.
