2026 Information Security Training & Awareness

Scene 1 (0s)

[Virtual Presenter] Our organization has a strong commitment to protecting its employees and customers from cyber threats. We have implemented several measures to prevent data breaches and unauthorized access to our systems. However, despite these efforts, we still experience occasional incidents of malware infections and phishing attacks. To address this issue, we are launching a new cybersecurity awareness program for all employees. The program will include regular training sessions, online resources, and a dedicated team to support employees who may have fallen victim to a cybercrime. We believe that by working together, we can significantly improve our overall cybersecurity posture and reduce the risk of future incidents.

Scene 2 (48s)

[Audio] The structure of our information security program is divided into several key areas. These include information security awareness, information security policy overview, regulatory overview, social engineering and phishing awareness, password and authentication, data protection and privacy, secure use of email, internet, and devices, identity and access management, incident reporting and escalation, physical security, secure remote work and cloud safety, ransomware and malware prevention, and content. Each area will be covered in detail during this training. The first area to be covered is information security awareness, which teaches you about the importance of being vigilant when it comes to security threats. This includes learning about the different types of security threats and how to identify them. Information security awareness is crucial because it helps prevent security breaches and protects sensitive information. The next area to be covered is the information security policy overview, which outlines the framework for detecting and responding to security incidents. This framework provides a clear understanding of what needs to be done in case of a security breach. The regulatory overview covers the laws and regulations that govern information security. This includes laws related to data protection and privacy, as well as other relevant laws. Social engineering and phishing awareness are critical components of an effective information security program. These topics teach you how to identify and avoid common security threats such as phishing emails and social engineering tactics. Password and authentication are essential components of any information security program. Strong passwords and proper authentication procedures are necessary to prevent unauthorized access to sensitive information. Data protection and privacy are critical components of an effective information security program.
Protecting sensitive information from unauthorized access requires careful consideration of data protection and privacy policies. Secure use of email, internet, and devices is also essential. Identity and access management systems should be implemented to control who has access to sensitive information. Incident reporting and escalation procedures should be put in place to quickly respond to security incidents. Physical security measures should be taken to protect sensitive equipment and facilities. Secure remote work and cloud safety protocols should be established to protect sensitive information when working remotely. Ransomware and malware prevention strategies should be developed to protect against these types of threats. Finally, content security measures should be put in place to protect sensitive information from cyber threats. Throughout this training, participants will gain practical skills and knowledge to help protect themselves, their colleagues, and the organization as a whole.

Scene 3 (4m 0s)

[Audio] I am not able to provide any information about my previous experience as I do not have one. I do not know what type of job I want to pursue. I do not have any relevant certifications or training. However, I am eager to learn and willing to put in the effort required to gain the necessary skills and knowledge. I believe that learning through hands-on experience and practical exercises would be beneficial. I am confident that with dedication and hard work, I can develop the skills needed to succeed in this field. I am excited to start this training program and look forward to gaining the knowledge and skills required to contribute to an organization's information security efforts.

Scene 4 (4m 42s)

[Audio] The security measures implemented by the Bank for Social Progress (BSP) are designed to protect its customers from various threats such as cyber attacks, data breaches, and physical harm. The bank has established a robust security framework that includes multi-layered defenses against these threats. This framework ensures that the bank's systems and data are secure and protected from unauthorized access. The bank also provides training and awareness programs to educate its employees on how to identify and respond to potential security threats. Additionally, the bank has implemented incident response plans to quickly respond to security incidents and minimize their impact. These measures are designed to prevent losses and protect the bank's reputation. The bank's commitment to security is reflected in its code of conduct, which emphasizes the importance of protecting customer information and preventing data breaches. The bank's security team works closely with law enforcement agencies to stay informed about emerging threats and vulnerabilities. The bank's security measures are regularly reviewed and updated to ensure they remain effective in protecting the bank's customers and assets.

Scene 5 (5m 58s)

[Audio] The Information Security Policy outlines how we protect our information assets and technology from various types of threats. It sets clear guidelines for responding to security incidents and ensures that our personal information is handled properly throughout its lifecycle. This policy also covers incident management, privacy, and provides an overview of our overall information security strategy. As part of our commitment to protecting our organization's information assets, all employees who interact with our systems and data need to familiarize themselves with these policies. They can be accessed through the BSP intranet.

Scene 6 (6m 36s)

[Audio] Ensure full card numbers are masked to prevent unauthorized access. PCI DSS is a mandatory global security standard applicable to all organizations that store, process, or transmit cardholder data. Compliance is critical to safeguarding cardholder information, reducing the risk of fraud, and meeting contractual and regulatory obligations. As a BSP employee, it is our responsibility to protect cardholder data. Maintain a secure network to prevent unauthorized access. Use strong access control measures to prevent unauthorized access. Monitor and test systems regularly to ensure they are secure. Comply with all information security policies to prevent unauthorized access. Report incidents related to PCI DSS compliance immediately. Never write down full card numbers to prevent unauthorized access. Never store CVV codes to prevent unauthorized access. Never plug unauthorized devices into bank systems to prevent unauthorized access. Never store cardholder data in files, emails, or personal devices to prevent unauthorized access. Never use personal devices for payment processing to prevent unauthorized access. Never share passwords or ID badges to prevent unauthorized access. Never access PCI systems without two-factor authentication (OWCC-PCI and Postilion Web Portal). Never disclose customer card information to any third party to prevent unauthorized access.

Scene 7 (10m 41s)

[Audio] When dealing with suspicious emails, verify the sender's identity before taking any action. Be cautious of spelling errors, unusual sender addresses, as well as unexpected attachments. Also, watch out for spoofed domains and urgent requests to click on links or update passwords. Additionally, be aware of smishing and vishing attacks, which can pretend to be from banks, IT departments, or delivery services. Never provide OTPs, MFA codes, or personal information unless absolutely necessary and only through verified channels. Furthermore, beware of business email compromise scams, where scammers impersonate executives or suppliers to trick employees into approving payments or sharing sensitive information. To avoid falling victim to these types of attacks, do not click on suspicious email links. Instead, report them to the IT or Information Security team immediately. Always ensure that your Outlook settings have been activated to receive phish alerts. By staying vigilant and reporting suspicious activity, you can significantly reduce the risk of falling prey to social engineering and phishing attacks.

Scene 8 (12m 0s)

[Audio] The system administrators are responsible for maintaining the security of the network infrastructure. They must implement and enforce strict password policies to prevent unauthorized access. The password policy includes requirements for password length, complexity, and uniqueness. The administrators also have to monitor the system logs regularly to detect any suspicious activity. This helps to identify potential security threats early on, allowing the administrators to take swift action to mitigate the risks. Furthermore, they must educate users about the importance of password security and provide guidance on how to create and manage strong passwords. This education process should be ongoing, as new vulnerabilities and threats emerge regularly. Additionally, the administrators must stay up-to-date with the latest security patches and updates, ensuring that their systems remain protected from known exploits.

Scene 9 (12m 52s)

[Audio] The four main types of data classification are Public, Internal Use Only, External Confidential, and Internal Confidential. These classifications require different levels of protection based on their sensitivity. Public data can be shared freely with anyone, whereas Internal Confidential data is highly sensitive and should be restricted to specific groups. Data protection and privacy are essential for maintaining confidentiality and integrity of sensitive information. Encryption is a key component of data protection, as it ensures that sensitive data remains confidential even when transmitted over insecure networks. Physical files should be stored in secure locations such as locked cabinets or restricted areas. Retention periods for electronic data must be defined to ensure that sensitive information is not retained indefinitely. Electronic data should be securely deleted when no longer needed to prevent unauthorized access. All sensitive physical documents must be properly disposed of, either by shredding or disposing of them into secured bins. When handling customer data or information, strict protocols must be followed to prevent unauthorized access, fraud, or misuse. This includes protecting customer data from AI-generated tools and ensuring that all data is handled responsibly and transparently. Regulatory compliance, customer trust, and transparency and accountability are promoted through adherence to these guidelines.

Scene 10 (14m 31s)

[Audio] The guidelines provided above are not applicable to all employees. The guidelines are specific to certain roles within the organization. Only those who work in the IT department or have been assigned to handle confidential data should follow these guidelines.

Scene 11 (14m 50s)

[Audio] The employees of the Bank for International Settlements (BIS) are required to follow certain rules and regulations regarding email usage. The employees must use a BSP-approved email account for all official communications. This includes sending and receiving emails related to banking operations, customer service, and other official matters. Employees who fail to comply with these rules may face disciplinary action. The employees must also be aware of potential risks associated with using non-BSP email accounts for official purposes. These risks include data breaches, loss of sensitive information, and other security threats. To mitigate these risks, employees should take steps to secure their email accounts, such as using strong passwords and two-factor authentication. Additionally, employees must be cautious when clicking on links or opening attachments from unknown senders. These could potentially contain malware or phishing scams. Employees must also adhere to strict guidelines for using USB devices and corporate-approved software. By following these guidelines, employees can significantly reduce the risk of cyber attacks and protect sensitive company data.

Scene 12 (16m 10s)

[Audio] Identity and Access Management is critical to protecting our organization's most valuable information assets. Every login and access request plays a role in safeguarding these assets. Weak passwords, shared accounts, as well as excessive or outdated access can create significant security risks. To mitigate these risks, we implement Identity and Access Management practices that ensure the right people have the right access at the right time. Strong password policies are implemented to prevent unauthorized access. Secure account sharing is also practiced to minimize the risk of data breaches. Regular access reviews are conducted to identify and rectify any potential security vulnerabilities. Advanced technologies such as AI-powered platforms like Cyber Sierra are utilized to detect and flag access discrepancies. Our Access Governance and Role-Based Control processes manage user access and grant access only to those who need it. This approach helps to protect our organization, colleagues, and customers from security threats.

Scene 13 (17m 21s)

[Audio] The organization has implemented several measures to prevent security incidents, including the use of firewalls, intrusion detection systems, and antivirus software. The effectiveness of these measures depends on the expertise of the IT staff who implement and maintain them. The IT staff must have the necessary skills and knowledge to configure and update these systems regularly. Furthermore, the IT staff should be aware of emerging threats and vulnerabilities, so they can stay ahead of potential security breaches. The IT staff must also be able to communicate effectively with other departments and stakeholders to ensure that everyone is informed and prepared for security incidents. Effective communication is key to preventing and responding to security incidents. The IT staff should also be trained to handle emergency situations, such as power outages or natural disasters, which can trigger security incidents. This training will enable the IT staff to respond quickly and efficiently to these situations. Additionally, the IT staff should be familiar with the organization's policies and procedures regarding security incidents, including the incident response plan. Familiarity with these policies and procedures will help the IT staff to respond promptly and effectively to security incidents.

Scene 14 (18m 57s)

[Audio] Physical security plays a critical role in protecting our organization's sensitive information and assets. It prevents data breaches caused by physical access, such as unauthorized individuals entering restricted areas or taking sensitive materials. Moreover, it protects confidential information and assets, reducing the risk of theft, vandalism, and disruption. Effective physical security also supports our overall information security strategy by ensuring that all aspects of our operations are secure. In addition, physical security measures can prevent common threats such as tailgating, piggybacking, trespassing, device theft, and unlocked workstations. These measures include requiring visitors to be accompanied by authorized staff, securing sensitive documents, and reporting any suspicious activity immediately. Furthermore, physical security helps to mitigate common physical threats, such as server room intrusions and unauthorized access to sensitive areas. By implementing these measures, we can ensure the security and integrity of our organization's information assets and supporting technology infrastructure.

Scene 15 (20m 14s)

[Audio] The employees of a large corporation are required to use the corporate VPN when working remotely. The use of the corporate VPN ensures that all data transmitted between their devices and the company's internal systems is encrypted and secure. Employees who fail to use the corporate VPN when accessing internal systems may inadvertently expose the company's systems to unauthorized access. In addition, employees are prohibited from accessing internal systems without using the corporate VPN. Disconnection is also essential when not in use, as it prevents potential security breaches. Furthermore, employees are advised against using public Wi-Fi networks without connecting to the corporate VPN first. Public Wi-Fi networks can pose significant security risks, so it is essential to avoid them unless absolutely necessary. Unsecured or unknown networks should also be avoided. To secure their home Wi-Fi networks, employees are encouraged to use strong passwords and WPA3 or WPA2 encryption. This reduces the risk of unauthorized access to their networks. Employees are expected to follow these guidelines to maintain the security of their home Wi-Fi networks. Employees are also required to store and share files only on company-approved cloud platforms. This includes no personal Google Drive, Dropbox, or email accounts being used for work-related purposes. Using these platforms can introduce unnecessary security risks, so it is essential to stick to approved alternatives. All company accounts must have two-factor authentication (2FA) enabled. This adds an additional layer of security to prevent unauthorized access to the company's systems. If employees encounter any suspicious login attempts, they must report them immediately. The company takes security very seriously, and prompt reporting helps identify and address potential vulnerabilities quickly. Employees are also required to use corporate-approved platforms for remote meetings and communications. 
These include Teams and Zoom. Meeting passwords and waiting rooms can be set up to add an extra layer of security. Employees should be cautious about sharing confidential data in public or recorded sessions, as this can compromise the company's security. Employees must always verify the identity of attendees before engaging in a meeting or session. This will help prevent potential security breaches. By following these guidelines, employees will contribute to a safer and more secure environment for everyone.

Scene 16 (23m 4s)

[Audio] The use of strong, unique passwords and multi-factor authentication has been shown to be effective in preventing infected downloads and software, phishing emails and malicious attachments, compromised websites and links, and using unpatched or outdated software. These measures are essential for protecting sensitive financial information from being accessed by unauthorized individuals. This includes preventing access to large volumes of sensitive financial data, direct impact on money transfers and transactions, and high reputational risk. By implementing these security measures, users can significantly reduce their risk of falling victim to ransomware and malware attacks. Ransomware and malware attacks pose a significant threat to organizations and individuals alike, as they can result in significant financial losses and damage to reputation.