COURSE DESCRIPTION

For us at Excellium Services, our philosophy therefore is “users are a key element of the security countermeasures”. Because with the compromising methods used by the hackers we see, it is a mandatory element to reach an acceptable level of security.
The major challenge in this mission of training the users is to draw their attention and buy-in. To do so, we provide real facts, demos, real life examples or comparisons.

User Module 1: Email Phishing and Social engineering

A Phishing Assessment Campaign will be launched toward the internal users some weeks before the training.
The attack will be based on scenario where a mail is sent with a link to click and a “pseudo malware” delivered via web. The phishing campaign can be run over a long period to reach each employee.
To enhance the enticement, the phishing email will be made using real information related to internal newsflash or event.
A detailed report will be sent to the security officer and the anonymized results will be used as a demo during this training module. A spoofing attack will also be shown during the demo.
The structure of the session will be based on the following content:
• What is a phishing attack?
• Why a phishing attack is dangerous?
• How to detect phishing? (from the user point of view)
• What to do in case of doubt?
The main learning objectives are:
• Draw the attention on this hot subject;
• Get a sense of the potential impact;
• Provide few key advices to detect the attack;
• Provide guidelines (i.e. in case of doubt, in case of click…).
This module will be completed with example of social engineering attacks (phone calls) using information available on internet.

User Module 2: Traveling and mobility
The session will be based on the following content:
• Physical security, in particular the threats linked to the lack of attention of the users to their devices.
• Screen locking;
• Wireless issues;
• Clear text data transmission – when connected to a public Wi-Fi.
Demo: a scenario based on an open wireless network (Airport) will be explained. The goal is to measure the risks to use an untrusted internet connection. We will show how to steal passwords and information just by sniffing the network.

User Module 3: Password management
The session will be based on the following content:
• Why a password is important?
• How to create a strong password?
• What kind of attacks are possible to retrieve the passwords?
• Classical patterns and errors;
• Password sharing issues and impacts.
Demo: password attack by mask and dictionary. The trainer will show how to crack passwords and the associated complexity.

The principle is the following:
• Up to 50 students per session.
• 2 h Workshop.
• A workshop customization / goals with you (objectives, population, planning …)
• Course material provided.
• To respond to a need for more and more important and in order to remain flexible in mobility, course materials and exercises will be available online.