Introduction to Security Awareness Campaigns
3.5 (21 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
118 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Introduction to Security Awareness Campaigns to your Wishlist.

Add to Wishlist

Introduction to Security Awareness Campaigns

Understanding how awareness offers tangible results in reducing the likely hood of successful social engineering attacks
3.5 (21 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
118 students enrolled
Created by Michael Goedeker
Last updated 2/2015
Current price: $10 Original price: $30 Discount: 67% off
5 hours left at this price!
30-Day Money-Back Guarantee
  • 2 hours on-demand video
  • 4 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Choose the right security policy to begin with (if starting out)
  • Communicate the components and why you have them on the security policy
  • Use Awareness to lower risk of social engineering attacks
  • Communicating basic security principles
  • Understanding how, what and why (criminal) hackers attack
View Curriculum
  • Be familiar with basic principles of Security and Information Technology

Security Awareness Campaigns is about the components and reality of what makes awareness campaigns successful and which components are needed in it. This course will cover the basics of a security awareness campaign that is aimed at increasing security levels by addressing social engineering attacks and communicating the basics of awareness and threats companies face today.

Learn the basic concepts of security awareness campaigns, quickly and easily!

This course goes through relevant research into successful and failed attempts at increasing awareness, also going through complex standards and making them simple and easy to understand.

The full version gives you research, tips and information you need to be successful in creating your own security awareness campaign.

There are over 22 lectures in the full version that cover:

  • Introduction to security awareness campaigns
  • What components are needed
  • Security Drivers
  • Vulnerabilities that companies face
  • Business value of campaigns
  • Components of the awareness campaign
  • Security Policy
  • Laptop and Desktop
  • Mobile Devices
  • Data Security and Encryption
  • Incident Response
  • Change Management
  • Security Organization
  • How awareness mitigates risks
  • Practical examples of how awareness has stopped attacks in reality

This course goes through materials and actual projects and gives you the simple scoop on how to create great awareness campaigns that work and which elements you can use in your awareness campaign. It also goes through information that is also important for everyone to know, even if you do not create an awareness campaign, it will help you understand basic concepts.

Who is the target audience?
  • People who work in security, management and business
  • Directors, CIO's, CISO's, Consultants
Students Who Viewed This Course Also Viewed
Curriculum For This Course
24 Lectures
Basics of Security and Awareness
5 Lectures 31:28

In order to understand why and what is needed in a security awareness campaign, we first need to understand what security principles are important and what they mean to the business and users.

Preview 10:08

Security Drivers of Awareness

This lecture discusses the objectives of a security awareness campaign.

Objective of awareness campaigns

This lecture goes through some of the areas that are vulnerable in a company. These areas are also used as a guideline (depending on which ones come up in either internal or external audits.

Areas of Vulnerability in an enterprise, agency or institution

Training methods and a schedule enable the security team to plan and tailor the message to various different groups and skill sets. Tailoring the campaign is one of the best ways to ensure that all groups accept and understand the policy and recommendations.

Training & Communication Plan, Training Methods and Schedule
Components of Awareness Campaigns
13 Lectures 01:02:58

Executive buy-in in security awareness campaigns is critical to its overall success, only when executives support an initiative will it actualy result in the desired behavioral changes.

Executive Buy-In

Identifying assets that need to be protected and how they will be protected is a vital part of any security initiative.

Risk Management (Assets, what risks the company faces, etc.)

Security policies are the glue to an organization and the security teams effort to keep things safe. When people understand the policy and its mechanisms then an organization can more easily identify threats and stop them. This section includes some examples of complex and really good (simple) policies that are accepted faster than more complex ones.

The Security Policy
5 pages

Passwords and applications seem to go hand in hand. Most attacks are aimed at cracking passwords in order to obtain data or critical information from an enterprise. When users understand the risks associated to weak passwords and their information, then they can make the right decisions to create better passwords that protect themselves and a company.

Logons and password security

Some components in the campaign equate to savings faster than others. Antivirus and personal firewalls are a basic component in any policy or awareness campaign. As cyber threats increase, so does the importance on detection and remediation. The caveat is that this software only helps to an extent as many cyber threats are starting to circumvent traditional scanning methods in order to infect a users laptop or desktop.

Anti Virus, Personal Firewalls and Co.

Many people forget that others can look over your shoulder when you use a computer. With basic precautions everyone can increase personal security and protect their data and information from criminal hackers.

Laptop and Desktop Security Guidelines and Best Practice

In 2015 (more than ever) we can no longer picture a world in which smartphones and tablets don't exist. As these mobile devices have gotten faster and have more memory, companies look at these devices to take over certain areas thought to be excusive to laptops. With added features we also have more risks when using these devices on the road or at your local café. Don't get scammed by cyber threats because you don't know the threats.

Mobile Security Guidelines and Best Practice

We hear a great deal about threats every day but what and how do they happen when you browse the internet? Some way is attackers are successful is by using infected websites that "host" malware downloads, other areas that you can use to secure your activities is by using secure and encrypted connections when browsing. We don't have anything to hide, but making things harder for a criminal hacker is the objective.

Secure Internet usage and secure searches as well as browsing

You get an email from someone you don't know, asking you to download a "critical" update or financial document. What do you do? If you are aware of the threats involved with this seemly "harmless" email you will know its how many devices get infected. Don't be conned into clicking on emails and links or files you don't know. Email is not always your friend!

Email Security

This area has only recently become mainstream privately and in the enterprise. Data is the basis for many decisions and task both in our private as well as working lives. By using encryption technology and also being aware of the threats of using usb memory sticks, we can protect ourselves against some of the simpler attacks.

Data Security and Encryption

This lecture discusses the physical security aspects of security policies. When aspects such as tailgating , access card misuse and other aspects of social engineering attacks used by an attacker to get unauthorized access to a building are discussed, it helps everyone be aware of those risks.

Physical Security (The office, other buildings, perimeter and data center)

Campaigns usually forget how changes and the change management process works in an enterprise, but there are so many advantages in talking about the change management process. When people know the process and how to suggest changes, it reduces risks and also speeds up the process in general (making it cheaper). Its a win-win situation!

Change Management

Including information on how and to whom people should respond when an incident or something suspicious happens just makes sense. When we discuss what everyone can do to stop or limit the damage from an attack on the enterprise or institution, then we also reduce the downtime and costs associated with it. Awareness campaigns can be used successfully to lower costs drastically by helping the incident response teams gather information, identify an attacker or be aware of suspicious events. Everyone can help by being responsible for security, its a mindset needed in today's "cyber" world.

Incident Response and Team
Deriving Value from Security Awareness
4 Lectures 10:31

Many things have changed in recent years in regards to IT, IT-Security and the rest of the Business. As Gartner, Forester and others pointed out back in 2001, enterprises now expect technologists to highlight, explain and be aware of the business value of projects they suggest. Many teams that do not understand these concepts ultimately fail. This lecture discusses how you can justify security projects (like awareness) by talking about business value to the company. One tip, IT and Security are CORE business functions.

Deriving value from security awareness initiatives

Social engineering is one of the most difficult areas to protect against because it uses human nature. When teaching awareness, this is one of the core areas to concentrate on so that people learn how to recognize and detect when social engineering is happening. Don't be deceived, this requires the support of many departments including the executives to nurture and create an "aware" culture.

What is Social Engineering? (Definition and certain types of attacks)

So what are the actual attacks that awareness campaigns can actually help with, many are obvious, some not so. This lecture will discuss the areas and how to use that to your advantage.

Common attacks that are mitigated by awareness

We have included some of the research out there that can help you justify the costs of security projects like an awareness campaign by taking neutral and non vendor specific research so that you can make your own mind up as to what and how to save money.

Suggested Reading and Research
12 pages
Course Materials and Presentation
2 Lectures 00:00

Presentation to the course.

Course Presentation
51 pages

This is the supplemental paper / handbook to the course.

Course Paper / Handbook
6 pages
Final Exam
0 Lectures 00:00

This exam verifies you have understood the key concepts of this course and security awareness campaigns in general.

Security Awareness and Awareness Campaigns Final Exam
10 questions
About the Instructor
Michael Goedeker
4.1 Average rating
409 Reviews
7,408 Students
5 Courses
Cyber Security Researcher, Speaker & Trainer, M.Sc. CISSP

Michael has worked on multiple projects globally from architecture to cyber security, working with some of the biggest fortune 50 companies and within the top 5 consulting industry. Some companies he has worked with and for include Accenture, Avanade, Dell, FSC, HP, IBM, Microsoft, Sophos and Symantec.

Michael's company (HakDefNet) currently does research and projects focused on Global Cyber Threats, International Business and Security Leadership and are aimed at making security products, processes, solutions and defense against cyber threats as easy to understand and implement as possible. Michael is also the author of the chapter "Cyber Security: Future IT-Security Challenges for Tomorrow's Leaders and Businesses", and recently participated in an interview with IGI Global Promotions Coordinator Ann Lupold, elaborating on elevating issues in cyber security and cyber espionage, as well as the challenges that leaders and businesses face in confronting such issues. He also has written for various IT, Channel and Business publications and newspapers internationally.

Michael is also certified as an ISO/IEC27001:2013 Lead Auditor and is the first cyber security trainer to ever be keynote speaker at Davos.