Security Awareness Training
Phishing awareness, social engineering defense, and security culture.
Overview
The human factor is the weakest link in security.
Training Topics
Phishing Recognition
Red Flags:
- Urgent language
- Unexpected attachments
- Suspicious links
- Request for credentials
- Poor grammar/spelling
Password Security
Strong Password:
- 12+ characters
- Mix of letters, numbers, symbols
- No dictionary words
- Unique per account
- Password manager usage
Social Engineering Types
| Type | Method | Defense |
|---|---|---|
| Phishing | Email | Verify sender |
| Vishing | Phone | Don't share info |
| Pretexting | Impersonation | Verify identity |
| Baiting | USB drops | Don't plug unknown devices |
| Tailgating | Following | Challenge strangers |
Phishing Simulation
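```python
from urllib.parse import urlparse

# Placeholder allow/deny lists; replace with your organization's own data
trusted_senders = {"it-support@example.com"}
suspicious_domains = {"login-verify.example.net"}

# Simple phishing detection
def check_email(email):
    """Return the red flags found in an email with .subject, .sender and .links."""
    red_flags = []
    if "urgent" in email.subject.lower():
        red_flags.append("Urgent language")
    if email.sender not in trusted_senders:
        red_flags.append("Unknown sender")
    # Compare each link's hostname, not the whole URL, against the blocklist
    hosts = {(urlparse(link).hostname or "").lower() for link in email.links}
    if hosts & suspicious_domains:
        red_flags.append("Suspicious links")
    return red_flags
```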
Security Culture
- Leadership Buy-in: Management support
- Regular Training: Ongoing education
- Positive Reinforcement: Reward good behavior
- Incident Reporting: Safe reporting culture
- Continuous Improvement: Update training
Metrics
| Metric | Target |
|---|---|
| Phishing click rate | < 5% |
| Report rate | > 60% |
| Training completion | > 95% |
| Incident response time | < 1 hour |
Practice
Conduct a phishing simulation and analyze results.
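One way to analyze simulation results against the click-rate and report-rate targets in the Metrics table, as an added example that is not part of the original page. The CSV layout, the sample rows and the function names are assumptions constructed for illustration; training completion and incident response time are not covered.

```python
import csv
import io
from collections import defaultdict

# Targets from the Metrics table above; both comparisons are strict
TARGETS = {"click_rate": lambda v: v < 0.05,   # phishing click rate < 5%
           "report_rate": lambda v: v > 0.60}  # report rate > 60%

# Constructed sample export, one row per recipient (not real campaign data)
SAMPLE_CSV = """user,department,clicked,reported
alice,finance,0,1
bob,finance,1,0
carol,finance,0,1
dave,engineering,0,1
erin,engineering,0,1
frank,engineering,0,0
grace,sales,1,0
heidi,sales,1,1
ivan,sales,0,0
judy,sales,0,1
"""

def load_results(text):
    """Parse the export into dicts with boolean clicked/reported fields."""
    return [{"department": r["department"],
             "clicked": r["clicked"] == "1",
             "reported": r["reported"] == "1"}
            for r in csv.DictReader(io.StringIO(text))]

def analyze(rows):
    """Overall ("ALL") and per-department rates with pass/fail per target."""
    if not rows:
        return {}  # no recipients: nothing to rate, and no division by zero
    groups = defaultdict(list)
    for r in rows:
        groups[r["department"]].append(r)
    groups["ALL"] = rows
    report = {}
    for name, members in groups.items():
        stats = {"recipients": len(members),
                 "click_rate": sum(m["clicked"] for m in members) / len(members),
                 "report_rate": sum(m["reported"] for m in members) / len(members)}
        stats["passes"] = {k: ok(stats[k]) for k, ok in TARGETS.items()}
        report[name] = stats
    return report

if __name__ == "__main__":
    for name, stats in analyze(load_results(SAMPLE_CSV)).items():
        print(name, stats)
```

In the sample data the overall report rate is exactly 60%, which misses the "> 60%" target, and the per-department breakdown shows which groups drive the click rate.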