Duration
1 day – 7 hrs
Overview
This training course introduces the essential principles of information security, aimed at protecting the confidentiality, integrity, and availability of organizational data. It covers security threats, risk management, cybersecurity practices, policies, and user responsibilities in maintaining a secure environment. Designed for all employees, the course fosters a culture of security awareness and equips participants with the knowledge to identify risks and respond effectively.
Objectives
- Understand the key principles of information security
- Recognize common types of threats and vulnerabilities
- Apply basic security controls and best practices
- Follow organizational policies for data protection and cybersecurity
- Respond appropriately to incidents and breaches
- Foster a secure workplace culture and avoid risky behavior
Audience
- All employees and staff (technical and non-technical)
- Managers, team leads, and department heads
- HR, finance, and operations personnel handling sensitive data
- IT support and helpdesk staff (introductory level)
- Anyone responsible for accessing or managing digital information
Prerequisites
- No prior technical background required
- Basic familiarity with computer and internet use recommended
Course Content
Module 1: Introduction to Information Security
- What is information security?
- The CIA triad: Confidentiality, Integrity, Availability
- Regulatory and organizational importance
Module 2: Common Security Threats
- Phishing, malware, ransomware, and social engineering
- Insider threats and human error
- Case studies and recent real-world attacks
Module 3: Passwords and Access Management
- Strong password practices
- Multi-factor authentication (MFA)
- Role-based access and least privilege
Module 4: Safe Use of Devices and Networks
- Securing mobile devices and remote work
- Safe internet and email usage
- Avoiding unsecured networks
Module 5: Data Protection and Privacy
- Handling sensitive and personal data
- File sharing and cloud storage safety
- Compliance with data protection laws (e.g., GDPR, local regulations)
Module 6: Responding to Security Incidents
- Identifying and reporting suspicious activity
- Organizational incident response protocols
- What to do in case of a breach or loss
Module 7: Security Best Practices and Culture
- Physical security and clean desk policy
- Avoiding risky behavior
- Promoting a security-conscious workplace
Optional Add-ons (for IT/Admin Staff):
- Intro to encryption and firewalls
- Endpoint protection and patch management
- Security policies and audit basics


