Overview

Regardless of your computer experience, this self-paced e-learning course will help you become more aware of technology related risks and what you can do to protect yourself and your organization from them. In this course, you will explore the hazards and pitfalls of technology and learn how to use that technology safely and securely. The CertNexus CBS-410 exam is included in the course.

Lesson 1: Identifying Security Compliance Measures

  • Identify Organizational Compliance Requirements and Resources
  • Identify Legal Compliance Requirements and Resources
  • Identify Industry Compliance Requirements and Resources

Lesson 2: Recognizing and Addressing Social Engineering Attacks

  • Recognize Phishing and Other Social Engineering Attacks
  • Defend Against Phishing and Other Social Engineering Attacks

Lesson 3: Securing Devices

  • Maintain Physical Security of Devices
  • Use Secure Authentication Methods
  • Protect Your Data
  • Defend Against Malware
  • Use Wireless Devices Securely

Lesson 4: Using the Internet Securely

  • Browse the Web Safely
  • Use Email Securely
  • Use Social Networks Securely
  • Use Cloud Services Securely
  • Work from Remote Locations Securely
Read more +

Prerequisites

No Prerequisites

Read more +

Objectives

In this course, you will identify many of the common risks involved in using conventional computing technology, as well as ways to use it safely, to protect yourself from those risks. You will:

  • Identify security compliance measures.
  • Address social engineering attempts.
  • Secure devices such as desktops, laptops, tablets, smartphones, and more.
  • Use the Internet securely.
Read more +

Outline

Domain 1.0 Compliance

Objective 1.1 Identify organizational security compliance requirements.

  • Types of organizational compliance requirements
    • Password policy
    • Internet usage policy
    • Data protection
    • Personally Identifiable Information (PII)
    • Personal Health Information (PHI)
    • Acceptable Use Policy (AUP)
    • Facility policies
    • Ramifications of non-compliance

Objective 1.2 Identify legal compliance requirements.

  • Types of legal compliance requirements
    • Regulation/law (HIPAA, SOX, GDPR, NISD)

    • Legal consequences of non-compliance

Objective 1.3 Identify industry compliance requirements.

  • Examples of industry compliance requirements
    • PCI DSS
    • ISO 27001
    • NIST

Objective 1.4 Identify security and compliance resources.

  • Organizational compliance resources
    • Handbooks/websites
    • AUP documentation
    • Departments
    • Incident reporting
  • Legal compliance resources
    • Government websites
    • Legal departments
    • Insurance providers

• Industrial compliance resources

  • Industry associations/professional groups

Domain 2.0 Social Engineering

Objective 2.1 Recognize social engineering attacks.

  • Attack vectors (points of entry)
    • Username/password
    • Organizational/personnel information
    • Physical access
    • End-user personal information
    • Email
    • Mobile device
  • Attack goals
    • Data destruction
    • Data theft
    • Financial gain
    • Financial harm
    • Political gain
    • Reputation
    • Revenge
  • High-value targets
    • C-suite
    • AcCounting personnel
    • HR personnel
    • IT personnel
  • Attack types
    • Phishing, (Whaling, Spear phishing)
    • Vishing
    • Smishing
    • Pharming
    • Baiting
    • Pretexting
    • Impersonation (CEO Fraud), deep fake
    • Quid pro quo
    • Tailgating/piggybacking
    • Shoulder surfing

Objective 2.2 Defend against social engineering attacks.

  • Resources to defend
    • Organizational hardware/devices
    • Organizational data
    • Network access
    • Premises access
    • User credentials
  • Mitigation techniques
    • Situational awareness
    • Badging systems/security checks
    • Door locks
    • Verification of requests
    • Proper disposal/deletion of sensitive information
    • Continual education/training
    • Communication
    • Compliance audit

Domain 3.0 Device and Data Protection

Objective 3.1 Maintain the physical security of devices.

  • Organizational and personal devices containing potentially sensitive data
    • Laptops/computers
    • Mobile phones
    • Tablets
    • Removable storage
  • Organizational device-security requirements
    • Limiting the devices that have access to sensitive data
    • Credentials
    • Acceptable devices for data storage
    • Disposal/deletion requirements
  • Digital presence
    • Device logs
    • Temporary files
    • Browser history
    • Cached/saved credentials
    • IoT devices
    • Cloud storage
  • Device physical security techniques
    • Proper storage/disposal/recycling
    • Loss/theft reporting
    • Locking unattended machines/devices
    • BYOD controls (Remote wipe functionality, Location detection)

Objective 3.2 Use Secure Authentication Methods.

  • Something you know
    • Passwords/PINs
  • Something you are
    • Biometrics (Finger print, Facial recognition, Retinal/iris scan)
  • Something you have
    • Authentication apps
    • Key fob
    • Tokens
    • Smart cards
  • Authentication best practices
    • Password managers
    • Covert entry (ensure nobody can watch you enter it)
    • Immediately change following breach/incident
    • Secure storage of passwords
    • Critical importance of protecting email passwords
    • Multi-Factor authentication use when possible
    • Complexity compared to sensitivity of data
    • Unique passwords for all sites and systems
    • Avoiding using easy-to-guess passwords
    • Passphrases

Objective 3.3 Adhere to data and sensitive data protection best practices.

  • Data backups/storage locations
  • Mobile device considerations
    • Information leakage through always-on app functionality
    • Accidental or intentional recording of sensitive data
  • Data security techniques
    • Alerts for access/ deletion of data
    • Data classification
    • Prohibitions against copying/printing
    • Proper disposal of printed data
    • Prohibitions against removable storage devices
    • Prohibition against mobile devices in designated locations
  • Digital presence considerations
    • Device logs
    • emporary files
    • Browser History
    • ached/ saved credentials
    • IoT devices
    • Cloud Storage

Objective 3.4 Identify potential sources of malware and prevent infection.

  • Malware effects
    • System corruption
    • Spying/logging
    • Distracting/annoying
    • Device performance degradation
    • Data hijacking/ransoming
    • Data destruction
    • Blackmail
    • Advertising
  • Malware types
    • Key logger
    • Ransomware
    • Adware/spyware
    • Trojan horse
    • Virus
    • Worm
    • Browser hijacker
  • Malware sources
    • Trick offers
    • Rogue antivirus
    • Free software scams
    • Software piggybacking
    • Confusing or obscured options (custom installations)
    • Unknown/untrusted download sites
    • Open Networks
    • Email attachments
    • Links
    • Scripts in data files/software
    • Advertising banners
    • Infected hardware (USB drives, External hard drives)
  • Malware prevention techniques
    • Careful reading of emails/dialog boxes/offers/pop-ups/etc.
    • Malware prevention software
    • IT approval for software installation
    • Inspection of links before selecting
    • Benefit/risk analysis when installing software
    • General system behavior awareness
    • Use of only known vendors and devices
    • Verified publishers

Objective 3.5 Use wireless devices securely.

  • Common wireless network risks
    • Eavesdropping
    • Unsecure networks
    • Private, Public & Open
    • Rogue access points
    • Evil twins
    • “Remembering” wireless networks
  • Secure wireless device use techniques
    • Public network use prohibitions
    • Encryption (WPA2/WPA3)
    • Securing Wi-Fi passwords
    • Wireless network “forgetting”
    • Evil twin avoidance
    • Misspelled network names
    • Lack of password requirements when they are expected
    • Multiple networks with similar names

Domain 4.0 Online Security and Remote Access

Objective 4.1 Browse the web safely.

  • Well-known browsers
    • Chrome
    • Edge
    • Firefox
    • Safari
  • URL construction
    • HTTP vs. HTTPS
    • Non-encryption vs. encryption
    • Top level domains
    • Domain names
    • Suspicious/spoofed URLs
    • Close spellings/misspellings
  • Safe web browsing techniques
  • Current and updated web browser use
  • Deciphering web addresses
  • Shortened (Bitly)
  • Misspelled
  • Wrong top-level domain (.com v .net)
  • Redirect (changed URL)
  • Unknown add-in, plug-in, toolbar avoidance
  • Not clicking/tapping ads and pop-ups
  • Protocol verification
  • URL verification when using links
  • Typing vs. clicking
    • Bookmarking common sites
    • Caution when using mobile devices (URLs not always visible)

Objective 4.2 Use email securely.

  • Common email use risks
    • Frequent social engineering attacks
    • Security concern alerts
    • Requests for user credentials
    • Malware removal/IT support offers
    • Free offers
    • Monetary/inheritance scams
    • Requests for information
    • Fake invoices from debt collectors
    • Fake credit card expiry notifications
    • Urgent requests form supervisor/ executive level
    • Malicious attachments
    • High-risk file types
  • ZIP/ Compressed files
  • .exe
  • JavaScript
  • Attachment policy/regulation compliance
  • Safe email use techniques
    • Imposter identification
    • Sender name vs. email address
    • Subject line topics
    • Tone/voice/grammar of sender
    • Signature lines
    • Unusual/atypical/urgency requests from seemingly valid sources
  • “Bank” asking for password in email
  • “IT” asking for personal info via email
    • Sender verification
    • Call back/meet in person before responding/clicking
    • Email use policy compliance
    • Attachment considerations
    • Approved third-party cloud storage (Dropbox, Box, etc.)
    • Password protected
    • Encrypted

Objective 4.3 Use social networks securely.

  • Social network security considerations
    • Accidental sharing of sensitive information
    • Combined sources of data (multiple platforms, posts, replies, likes, etc.)
    • Disparaging/revealing comments
    • Representing yourself vs. the organization
    • Sensitive information
    • Lack of control over data and sharing
    • Confidentiality
    • Once posted, always online
    • Consent to data sharing
    • Ambiguous/lengthy confusing security settings
    • Opportunities for social engineering
    • Spoofed accounts
    • Hacked accounts
    • Strong authentication
    • Password
    • Multi-Factor Authentication (MFA)
  • Safe social networking techniques
    • Alignment with organizational social networking usage and policies
    • Thorough research and configuration of security and privacy settings
    • Caution with sharing any potentially sensitive or reputation-damaging information
    • Security of credentials
    • Social engineering awareness
    • Verify connections
    • Verification of content
  • Fact checking

Objective 4.4 Use cloud services securely.

  • Cloud service risks
    • Cloud service spoofing
    • Vendor changes
    • Acquisitions/mergers
    • Out of business
    • Mixing up work and private accounts (digital storage location)
    • Compromising credentials
    • Data persistence
  • IoT device considerations
    • Data collection
  • Safe cloud service use techniques
    • Organizational approval for all cloud-based storage
    • Local backups
    • Extra credential vigilance
    • Secure network connection

Objective 4.5 Working from remote locations securely.

  • Connecting securely
    • VPN
    • Scanning for vulnerabilities (Health check)
    • Anti-Virus Software
  • Home Network Security
    • Password sharing
    • Updated router firmware
  • Separate professional and personal
    • Separate network
    • Devices
    • Data
    • Cloud storage
  • Remote Management / Managed device
  • Smart Home Devices
    • Access point for network entry
    • Shut down smart home devices
  • Collaboration platforms
    • Personal accounts vs. corporate accounts
    • Background
    • Recording
    • Authentication
    • Access to microphone/ video
    • Sharing settings

The CyberSAFE CBS-410 credential is valid for 1 year from the time the certificate is granted. You must take the Recertification Credential for CyberSAFE or take the most up-to-date version of the CyberSAFE credential prior to the 1-year period’s end to maintain a continuously valid certification.

Read more +

What's included

  • Exam included
Read more +
Need to know

Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Let's talk

By submitting this form, you agree to QA processing your data in accordance with our Privacy Policy and Terms & Conditions. You can unsubscribe at any time by clicking the link in our emails or contacting us directly.