Security Training is an activity designed to help users understand their role in preventing attacks.
Training is the investment that makes it possible to enhance the value of the efforts put into safety. SecSI, having assessed the needs of the company, offers training course packages of different types in order to provide courses tailored to the customer.
Security Awareness Training
Basic course that is aimed at non-technical staff to raise the level of staff awareness of information securityBasic course that is aimed at non-technical staff to raise the level of staff awareness of information security
Phishing
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information or to deploy malicious software on the victim’s infrastructure like ransomware. Although it is typically associated with emails, they are not the only way a phishing attack can happen. In fact, it can be also carried out through SMS (smishing), voice calls (vishing) and social media. Those messages may be specifically tailored to target different members of your organization that can also be high-ranking executives (like the CEO) and whose compromise could permit the attacker to gain access to more sensitive data than what hacking a low-level employee could guarantee. This means that every member of the organization should be aware of these types of attacks.
Passwords
Passwords are the most used authentication method and this is the reason why most of the attacks are focused on compromising them. Users tend to use passwords that are not strong or secure enough in order to make them be easy to remember. This puts at risk not only their personal data, but also the data of the entire organization. The entire staff needs to be trained to use a password policy that allows to mitigate the risk of password compromise. This can include a minimum password complexity but also instructions on how to use the password itself, like avoiding the use of the same password for different accounts.
Data Security
As of today, data is the most valuable asset of an organization. Unfortunately, employees often do not pay enough attention on how they treat these data and this can cause an information disclosure or, even worse, the complete compromise of the organization. Some examples are represented by employees who deal with confidential data through their personal accounts or devices which can be hacked, or by employees that simply do not secure that confidential data enough. Training on what are the best practices to follow to avoid these problems is hence needed.
Physical Security
Physical security is often overlooked, but it is actually just as important as digital security. A computer screen left unlocked or a Wi-Fi password written on a sticky note on the desk are only two of the endless examples that can be made of bad office hygiene that can lead to the complete compromise of an organization. Even if your organization does not let strangers in, an insider could potentially take advantage of this unsecured information. This means that training on how to ensure an high level of physical security is absolutely required.
Advanced Technical Training
Advanced course for technical personnel that provides high-profile training and can be calibrated to topics of specific interest to the client company.
Security Coding
The Security Coding course is aimed at improving the cybersecurity skills of your company’s developers. Through this course, developers will be able to understand what cross-site-scripting, or SQL injection, is, and have the ability to write more robust code, and reduce the likelihood of vulnerabilities in the source code.
Network Security
The Advanced Network Security Course for System Administrators is designed to provide IT professionals and system administrators with the skills needed to effectively protect corporate networks from constantly evolving cyber threats. This course provides a comprehensive overview of network security best practices, focusing on the specific needs of system administrators.
Ethical Hacking
The Ethical Hacking Course is designed to train cybersecurity experts who can identify, assess, and resolve cyber vulnerabilities and threats through ethical and authorized methods. Through this course you will learn the main attack techniques used by hackers, and you can use this knowledge to become a Penetration Tester.
Web and Mobile Hacking
The Web and Mobile Hacking Course is designed to train cybersecurity professionals who specialize in identifying and eliminating vulnerabilities in websites, web applications, and mobile apps. This course provides an in-depth understanding of the techniques used by hackers to exploit these vulnerabilities and how to ethically prevent them.
Docker Security Playground
We are also the creators of Docker Security Playground, a tool to create network and network security scenarios and learn penetration testing techniques by simulating vulnerability labs scenarios. Check it out!