
Retention

Increase Employee Morale, their Skill Set and their Confidence, Eventually Increasing their Retention Rate.

Retention Training the SecuRetain Way

Immersive e-learning opportunities that push the organization’s employees to give their 100%, thereby experiencing a substantially higher transfer of knowledge and better understanding by making employees feel like an integral part of the organization.

Empower your workforce with affordable e-learning courses and invigorate a positive bond with the organization


Track progress and course completion for yourself or an entire enterprise with SecuRetain Platform


Customize your Retention strategy through selecting specialized courses reflecting your objectives and policies


Use the SecuRetain platform to distribute your training content along with SecuRetain courses in your own private space


Recognized and marketed by Bureau Veritas, one of the world-leading organizations in quality testing and certification services

Corporations can save more than 15% by developing in-house skills. The series of courses aims to enhance end-to-end knowledge.


Comprehensive Retention-based e-Learning Courses

With SecuRetain’s Retention e-learning programs, employees train with the best-in-class courses that increase employee morale by creating a virtuous cycle that can retain information and knowledge with a greater impact and forge a positive bonding towards the organization.

Learning Outcomes from Retention e-Learning Courses

Retention courses expand knowledge. This rise in the skill set and confidence of the workforce eventually increases the retention rate.

  • Access Control
  • Privileged Access Management
  • Cloud Security
  • Data Privacy
  • Facility Workplace
  • Social Engineering
  • Phishing
  • Risk Management
  • Vendor Risk Management
  • Fraud and Audit Management Series
  • ISO
  • FCPA
  • HIPAA
  • HITRUST
  • SSAE 18 SOC
  • FFIEC
  • GDPR
  • NIST
  • FedRAMP
  • Security Frameworks
  • Incident Management
  • Problem Management
  • Breach Management
  • Information Technology General Controls (ITGC)
  • NIST Cybersecurity Framework Fundamentals
  • Payment Card Industry Awareness
  • Malware Ransomware Security Frameworks
  • Fraud Risk Management
  • Business Continuity and Disaster Recovery

SecuRetain’s Retention e-Learning Courses

Browse all Retention e-learning courses available for you on the SecuRetain platform

Access Control Awareness Part I

Objective

Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats.

The experienced and inexperienced information systems user will learn the basics and concepts of access control and its importance. The tools and techniques shared can be implemented in the access management process.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.
  • Course ID: CS00201
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Learning the access control basics
  • Understanding the access control challenges
  • Understanding authentication factors and multi-factor authentication
  • Developing access control policies and procedures
  • Learning about access control models
  • Learning about principles of access controls and types of access controls

Access Control Awareness Part II

Objective

Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats. 

The course will provide employees, security, risk management, compliance, audit, and management personnel with the skills and techniques necessary to embed critical thinking skills in all aspects of access control security. The tools and techniques shared can be implemented in the access management process. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00202
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Learning the Access Control Models and Concepts
  • Understanding the Types and Categories of Access Controls
  • Understanding the Testing of Access Controls
  • Learning about Access Control Attacks and Countermeasures
  • Learning about Multilevel Security Models
  • Learning about Authentication and Authentication Methods
  • Learning about common Authentication Protocols

Anti Money Laundering Awareness

Objective

Money laundering is any act or attempted act to conceal or disguise the source, ownership, or control of money or assets derived from criminal activity. The Bank Secrecy Act of 1970 (BSA) and many other laws internationally require financial institutions to assist government agencies in detecting and preventing money laundering. This awareness and professional development online course will provide an overview of the requirements imposed on those persons subject to the Anti-Money Laundering Law, including information relating to currency transaction reports, suspicious activity reports, and customer identification programs.

The course is intended to drive a culture of compliance from the top down and demonstrate to regulators and examiners their dedication to a standardized risk-based approach for protecting against money laundering threats and financial crime risks. The course is useful for organizations to satisfy mandatory training requirements within certain industries.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00103
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • What money laundering is and how it works
  • Why people and organizations launder money
  • How money laundering works: basic process
  • Legal consequences for money laundering, including state and federal (U.S.) penalties
  • Applicable laws and regulation
  • Insider trading

Breach Notification Advanced Part II

Objective

Your employees may be the first to identify a potential breach, so they must have adequate knowledge regarding how they should handle such a scenario. Your employees must also understand what steps they should take if they suspect a breach has occurred. The advanced course trains employees on the next steps instead of panicking. The training will educate employees to understand their roles and do’s and don’ts once the breach occurs. 

The course also educates employees on the process of breach communication internal to the organization and, very importantly, communicating with outsiders. The laws require timely notification to Federal and State government authorities about the breach. The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and the penalties for failure to comply.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00302
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Breach Management
  • Effective Breach Response
  • Data Breach Checklist
  • Breach Notification Notice Content
  • Notification Timelines
  • Lifecycle of a Data Breach
  • Public Relations Strategy

Breach Notification Awareness Part I

Objective

Your employees must also understand what steps they should take if they suspect a breach has occurred. Not all disclosures will be breaches. So, what is the difference between event, alert, incident, and breach? A (reportable) breach is the unauthorized acquisition, access, use, or disclosure of sensitive/PII/PHI information in a manner not permitted by law or regulation and which compromises the security and privacy. The laws require timely notification to Federal and State government authorities about the breach.

The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and the penalties for failure to comply. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.

  • Course ID: CS00301
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • What is the importance of a breach notification?
  • What is a data breach?
  • In what circumstances would notification of a data breach be required and to whom?
  • When and how should notification of a data breach be provided?
  • Framework for Effective Data Breach Notification Legislation
  • Timing of Notification to Affected Individuals
  • Post Data Breach Immediate Action Items
  • Breach Notification to Authorities

Business Continuity & Disaster Recovery Awareness Part I

Objective

Business Continuity Planning (BCP) is the way an organization can prepare for and aid in Disaster Recovery (DR). BCP and DR are the yin and yang of the IT world. BCP keeps systems running and data available despite interruptions or faults. DR brings systems back to normal operation after a disaster has occurred.

This BCP and DR awareness course will provide every employee in the organization with basic knowledge about disasters, risks covered by DR, use cases, challenges, the DR Plan, etc. The course is essential for corporations and organizations that must meet various mandates regarding privacy, confidentiality, and availability of systems and data. In order to promote sustainability and employee retention, we recommend the series of BCP/DR Part I to BCP/DR Part V training programs for employee knowledge advancement and growth.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.

  • Course ID: DR00101
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Disaster
  • Business Continuity and Disaster Recovery
  • Use Cases
  • Risks Covered by DR
  • Driving Factors
  • Challenges in Developing DR Plan
  • Technical Challenges
  • Key Factors in DR Plan

Cloud Security Awareness

Objective

Cloud-based services are becoming increasingly attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. The training provides a comprehensive review of the knowledge required for understanding cloud computing and its information security risks and mitigation strategies.

In the highly competitive world of cloud computing and its complex offerings, one faces unique security challenges on an almost day-to-day basis. The course is designed to pass on extensive knowledge of cloud computing concepts, cloud reference architecture, cloud computing security concepts, AWS and Azure Cloud security basics, etc.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00102
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Cloud Security
  • Cloud Basics - Cloud Concepts, Architecture and Design
  • Cloud Service Models
  • Cloud Risk Landscape
  • Cloud Security Domains
  • Cloud Data Security
  • Cloud and AWS
  • Cloud and Azure
  • Cloud Application Security Basics

Data Privacy and Privacy Regulations Part I

Objective

Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy awareness course provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.  

The protection of US residents’ data is regulated by laws enacted on both the national and the state level. Examples of federal laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their own privacy laws, for example, the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00106
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Learn about Privacy Imperative
  • Understand Strategic and Tactical Drivers
  • Learn about Privacy Strategy and Privacy Impact
  • Understand the Private Identifiable Information (PII) and Private Health Information (PHI) data
  • Learn about Privacy Impact Assessments
  • Learn about HIPAA and HITECH
  • Learn about GDPR and CCPA
  • Understand the Breach Notification Requirements

Data Privacy and Privacy Regulations Part II

Objective

Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy courses provide all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.  

The protection of US residents’ personal data is regulated by laws enacted on both the national and the state level. Examples of Federal Laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their own privacy laws, for example, the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00107
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Learn about Privacy Imperative
  • Understand Strategic and Tactical Drivers
  • Learn about Privacy Strategy and Privacy Impact
  • Understand the Private Identifiable Information (PII) and Private Health Information (PHI) data
  • Learn about Privacy Impact Assessments
  • Learn about HIPAA and HITECH
  • Learn about GDPR and CCPA
  • Understand the Breach Notification Requirements

Facility Workplace Awareness Part I

Objective

Workplace safety and security is the responsibility of every employee. No workplace is immune to the threat of equipment theft and loss of sensitive/private information and intellectual property. Employees are often the target of these threats as well as the organization's first line of defense against them. Threats endanger the confidentiality, integrity, availability, and security of the workplace, virtual workplace, and information systems.

This course presents information on how employees can contribute to your organization's security. The effectiveness of the security program depends on communication and periodic training. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions that need to be taken by employees. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge tests as users progress through the training and the final assessment test.
  • Course ID: CS00109
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Identify potential risks to workplace security
  • Measures for improving workplace security
  • Actions to take in response to a security situation
  • Facility and Physical Security Perimeter
  • Badge and Visitors Security
  • Do’s and Don’ts
  • Securing Devices and Data in Public
  • Public Networks and Security
  • Device Security
    1. Laptop
    2. Mobile Device Security
  • Clear Desk



Facility Workplace Awareness Part II

Objective

Workplace safety and security is the responsibility of every employee. Employees are increasingly working remotely, using the internet, email, and voice messaging for day-to-day work. Threats endanger the confidentiality, integrity, availability, and security of the workplace, virtual workplace, and information systems.

Facility and Workplace Security Awareness Part II presents multiple use cases and practical examples to illustrate the workplace security challenges. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions that need to be taken by employees.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge tests as users progress through the training and the final assessment test.
  • Course ID: CS00110
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Identify potential risk while working remotely
  • Corporate data and information systems security
  • Physical access control
  • Email Security and practical examples

FedRAMP Fundamentals Part I

Objective

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs). A CSP must have a FedRAMP Authority to Operate (ATO) to provide services to the federal as well as state agencies. 

The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government. Since these assessments are also based on NIST SP 800-53 Rev 4, FedRAMP can be thought of as “FISMA for the cloud” as it inherits the NIST baseline of controls and is tailored for cloud computing initiatives. 

The course is divided into three parts (Part I to Part III) and each covers various aspects of the FedRAMP program. The users will learn about FedRAMP history, program governance, and administration, Office of Management and Budget (OMB) responsibilities, benefits of the program, how to implement information security controls (NIST SP 800-53) using a federal risk-based (NIST SP 800-37) approach, FedRAMP certification, steps to become FedRAMP compliant, FedRAMP standard operating procedure, initial review SOP/checklists, detailed review checklists, review and approve the procedure, an authorization process, FedRAMP Security Assessment Framework, NIST Special Publications Overview, Implementing NIST 800-53, NIST Special Publications Explained, etc.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CO00801
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Understand FedRAMP
  • Learn about the importance of FedRAMP 
  • Learn the FedRAMP Strategy and Plan
  • Understand FedRAMP Preparations
  • Understand cloud security opportunities and FedRAMP Benefits
  • Study about FedRAMP certification process
  • Learn the program steps to become FedRAMP compliant
  • Study the Independent Verification and Validation Requirement
  • Learn about certification authorities, governance and stakeholders

FedRAMP Fundamentals Part II

Objective

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs). A CSP must have a FedRAMP Authority to Operate (ATO) to provide services to the federal as well as state agencies. 

The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government. Since these assessments are also based on NIST SP 800-53 Rev 4, FedRAMP can be thought of as “FISMA for the cloud” as it inherits the NIST baseline of controls and is tailored for cloud computing initiatives. 

The course is divided into three parts (Part I to Part III) and each covers various aspects of the FedRAMP program. The users will learn about FedRAMP history, program governance, and administration, Office of Management and Budget (OMB) responsibilities, benefits of the program, how to implement information security controls (NIST SP 800-53) using a federal risk-based (NIST SP 800-37) approach, FedRAMP certification, steps to become FedRAMP compliant, FedRAMP standard operating procedure, initial review SOP/checklists, detailed review checklists, review and approve the procedure, an authorization process, FedRAMP Security Assessment Framework, NIST Special Publications Overview, Implementing NIST 800-53, NIST Special Publications Explained, etc.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CO00802
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Overview of FedRAMP process
  • Study about FedRAMP certification process
  • Understand the FedRAMP from an agency’s perspective
  • Understand the FedRAMP Standard Operating Procedures
  • Learn about the initial review SOP/checklists
  • Learn about the detailed review checklists
  • Understand the review and approve procedure
  • Understand the authorization process

Foreign Corrupt Practices Act (FCPA) and UK Bribery Act 2010 Part II

Objective

The U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) in 1977 in response to findings that companies had been making hundreds of millions of dollars of questionable payments to foreign government officials, politicians, and political parties. The purposes of this act are to halt the bribery of foreign officials and restore public confidence in the integrity of the American business system. The head of the DOJ's Criminal Division recently described the agency's focus on FCPA enforcement and warned executives and employees of personal accountability for FCPA violations.

This FCPA training course explains the major principles of U.S. anti-corruption laws, persons subject to FCPA, implications, consequences, etc. This interactive FCPA training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, FCPA resources, and hallmarks of an effective compliance program. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00302
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Overview of the FCPA
  • Study the implications of the FCPA
  • Learn about the enforcement and penalties
  • Study the U.S. Sentencing guidelines
  • Understand the SEC and DOJ FCPA guidance
  • Study the DOJ and SEC hallmarks of an effective compliance program
  • Learn about the DOJ’s evaluation of compliance programs
  • Learn about UK Bribery Act 2010
  • Study the UK Bribery Act 2010 provisions
  • Study the consequences of non-compliance with the Bribery Act 2020 – Case Study

Foreign Corrupt Practices Act Awareness (FCPA) Part I

Objective

The U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) in 1977 in response to findings that companies had been making hundreds of millions of dollars of questionable payments to foreign government officials, politicians, and political parties. The purposes of this act are to halt the bribery of foreign officials and restore public confidence in the integrity of the American business system.

The head of the DOJ's Criminal Division recently described the agency's focus on FCPA enforcement and warned executives and employees of personal accountability for FCPA violations. This FCPA training course explains the major principles of U.S. anti-corruption laws, persons subject to FCPA, implications, consequences, etc. The course is based on the FCPA Resource Guide released by the DOJ and SEC. This interactive FCPA training course will ensure employees at all levels understand their roles and responsibilities in protecting your company from the risk of bribery and corruption. The section ‘Consequences of Non-Compliance’ will educate employees on the ‘do’s and don’ts of FCPA’. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00301
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Foreign Corrupt Practices Act (FCPA) Global Perspective
  • Overview of the FCPA and UK Bribery Act
  • FCPA Key Concepts
  • Anything of Value
  • Foreign Officials
  • Persons Subject to the FCPA
  • Implications of the FCPA
  • Consequences of Non-Compliance
  • Enforcement and Penalties
  • Effective Compliance Program & Red Flags
  • DOJ’s Evaluation of Compliance Programs

Fraud Management Part I

Objective

The Association of Certified Fraud Examiners (ACFE) published the results of the survey in its 2018 Report to the Nations on Occupational Fraud & Abuse. Organizations around the world lose an estimated 5% of their annual revenues to fraud, according to a survey of Certified Fraud Examiners (CFEs) who investigated cases between January 2016 and December 2017. Internal fraud is an illegal act by an employee against the company, and external fraud is perpetrated against the company by customers.

The course is designed to ensure employees understand internal fraud, external fraud, corruption, asset misappropriation, financial statement fraud, the scale of the problem, factors contributing to fraud, and the national and international regulatory requirements in the ten-part series of fraud management courses designed to educate employees, managers, and management. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: FR00101
  • Duration: 0 mins
  • CPE: 1 HR
  • Course Type: e-Learning

What you will learn?

  • Understand Fraud and Examples of Fraud
  • Understand the Different Types of Fraud
  • The Scale of the Problem
  • Learn about Fraud Triangle Components
  • Understand the Fraud Tree
  • Learn about Factors Contributing to Fraudulent Behavior or Why People Commit Fraud
  • Learn about Who Commits Fraud
  • Knowledge of Common Fraud Schemes
  • Understand Fraud Response
  • Management Preventive Steps

Fraud Management Part II

Objective

The Association of Certified Fraud Examiners (ACFE) published the results of the survey in its 2018 Report to the Nations on Occupational Fraud & Abuse. Organizations around the world lose an estimated 5% of their annual revenues to fraud, according to a survey of Certified Fraud Examiners (CFEs) who investigated cases between January 2016 and December 2017. Risk is any threat to the business and represents the uncertainty and inability of the corporation to achieve its goals. The organization needs to create an organizational culture and structure conducive to fraud risk management.

The tone at the top should reflect the perception of fraud detection and prevention. The course is designed to ensure employees understand fraud risk management basics, how to develop a fraud risk management program and fraud risk governance. The course is Part II in the ten-part series of fraud management courses designed to educate employees, managers, and management. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: FR00102
  • Duration: 0 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand Fraud Basics
  • Learn Fraud Risk Management Basics
  • Understand How to Document Roles and Responsibilities
  • Understand the Objectives of Fraud Risk Management Program
  • Learn How to Develop a Fraud Risk Management Program
  • Understand Fraud Risk Management Framework Basics
  • Understand the Importance of Fraud Risk Governance
  • Learn How to Plan for Fraud Risk Assessments
  • Learn About Effective Fraud Risk Assessment Requirements

General Data Protection Regulation (GDPR) Part I

Objective

With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. EU law protects all personal data, regardless of who collects it or how it is processed. 

EU data protection law provides data subjects with a wide range of rights that can be enforced against enterprises that process personal data. The course content in Part I is focused on understanding GDPR driving factors, PII data types, the concept of identifiable personal information, and GDPR basics. The study includes learning about GDPR principles, controller and processor definitions, roles and responsibilities, and the lawful basis of data processing. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.

  • Course ID: CO00701
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand the GDPR driving factors
  • Learn about different types of PII data
  • Learn about identifiable personal information
  • Understand GDPR basics
  • Learn about controllers and processors
  • Study GDPR principles
  • Understand the six lawful bases for processing

General Data Protection Regulation (GDPR) Part II

Objective

With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to ‘personal data’, which means any information relating to an identified or identifiable person. The information can help directly or indirectly identify a person. 

The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU. The course content in Part II provides an understanding of the data subject rights, GDPR accountability and governance principles, and the data protection officer role. It explains the very important concepts of privacy by design, the code of conduct principle, and data protection impact assessment.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CO00702
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about data Subject Rights
  • Learn about Accountability and Governance principle
  • Understand Privacy by Design
  • Learn about the Data Protection Officer Role
  • Study the privacy Codes of Conduct principle
  • Understand Data Protection Impact Assessments (DPIA)

Health Insurance Portability and Accountability Act (HIPAA) Awareness

Objective

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 U.S. law that provides privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. Covered Entities, Business Associates, and Business Associate Subcontractors are all responsible for complying with HIPAA regulations. Section 164.308 (a)(5)(i) Security Awareness and Training Standard requires the organization to implement an awareness training program.

The course is designed for the organizations that must comply with HIPAA requirements. The employees will learn about HIPAA, HITECH, Omnibus Rule and Chapter 181 - Texas Medical Records Privacy Act requirements for protecting Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) data.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00102
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about HIPAA and HITECH
  • The Security Rule, The Privacy Rule, The Breach Notification Rule, Omnibus Rule, and Chapter 181, Texas Medical Records Privacy Act
  • Understand How Health Care Privacy Laws affect your organization
  • Understand HIPAA IT Security Risk Assessment
  • Learn about Administrative, Technical and Physical Safeguards
  • Learn about Covered Entities
  • Learn about Use and Disclosure of PHI
  • Understand How HIPAA and HITECH are Related
  • Learn about HITECH and Breach Notification

HITRUST Foundation Part I

Objective

HITRUST Alliance is composed of leaders from the healthcare industry in the pursuit of a more coherent approach to healthcare security. The HITRUST security maturity evaluation and points process awards healthcare providers a certification. This certification verifies that the company followed the Common Security Framework (CSF). The latest version, CSF 9.3, consolidates multiple regulations. The HITRUST series of courses are incredibly useful for the organization in the right scoping, selection of risk factor-based controls level, correctly applying HITRUST scoring, planning for certification, and more.

The HITRUST Foundation Part I course is designed to ensure employees understand the importance of HITRUST and fulfill the HITRUST training requirements. The series of HITRUST courses are useful for compliance, cybersecurity, information technology, and audit professionals to enhance security and compliance skills.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00601
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand HITRUST basics
  • Learn about HITRUST framework
  • Understand the HITRUST driving factors
  • Study the HITRUST maturity model
  • Understand the HITRUST scoring model
  • Learn about the implementation and certification process
  • Study how to certify
  • Understand the criteria for certification

HITRUST Implementation Part II

Objective

The HITRUST security maturity evaluation and points process awards healthcare providers a HITRUST certification. This certification verifies that the company followed the Common Security Framework (CSF). The latest version, CSF 9.3, consolidates multiple regulations. The HITRUST Foundation Part II course is detailed guidance for the organization in the right scoping, selection of risk factor-based controls level, correctly applying HITRUST scoring, planning for certification, and certification. 

The HITRUST Implementation Part II course is designed to inform management decision making and cost management by right-sizing the project and implementing it correctly. The course is designed to ensure employees understand the importance of HITRUST and fulfill the HITRUST training requirements. The series of HITRUST courses are useful for compliance, cybersecurity, information technology, and audit professionals to enhance security and compliance skills. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CO00602
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand what HITRUST is
  • Learn about the HITRUST CSF components
  • Learn how to calculate HITRUST scores
  • Understand the steps in certification plan and plan considerations
  • Understand HITRUST Implementation Planning use case and learn to implement
  • Learn to calculate risk rating as per HITRUST
  • Understand the corrective action plan (CAP) and documentation
  • Learn how to calculate the CAP risk rating and prioritization

Incident Management Advanced Part II

Objective

Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected. An ISMS is that part of the overall management system, based on a business risk approach, which aims to establish, implement, operate, monitor, review, maintain, and improve information security. ISO 27001 is the internationally recognized best practice framework for an Information Security Management System (ISMS). ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).

The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from their current state to their target state with the ability to identify gaps and prioritize gaps based on risk assessment. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00402
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand the need for ISMS
  • Learn about ISO 27001 certification and ISMS Mandatory Process
  • Introduction to implementing ISMS
  • Learn how to implement ISO 27001 ISMS 11 Step Program
  • Step by Step Guide on implementing ISMS program
  • Learn the practical examples and study the documentation samples
  • Learn about ISO 27001 Annex A Controls Checklist 14 Domains and 35 Control Objectives
  • ISMS Part III includes implementation details for each control objective along with guidance

Incident Management Awareness Part I

Objective

Information is an ASSET that, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected. An ISMS is that part of the overall management system, based on a business risk approach, which aims to establish, implement, operate, monitor, review, maintain, and improve information security. ISO 27001 is the internationally recognized best practice framework for an Information Security Management System (ISMS). ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).

The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from their current state to their target state with the ability to identify gaps and prioritize gaps based on risk assessment.
 
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00401
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Brief about Incident and Incident Management (IM)
  • Incident Management Objectives
  • What is a Security Incident Management?
  • Incident, Problem, and Service Request
  • Incident Management Key Concepts
  • Incident Management Process and ITIL
  • Incident Management Process Workflow Examples
  • Incident Management Process
  • Incident Management Process Steps Discussed in Detail

Information Security and Privacy Awareness

Objective

Your enterprise's data is at risk. Your own employees may be pawns in the next threat from a highly skilled hacktivist, criminal, or nation-state. A security-aware workforce is a vital component in enterprise protection and is necessary to protect the company and its partners, customers, and employees. Additionally, you want to make sure that security is both a board-level and executive-level priority. 

The objective of an effective Cyber Security and Privacy Awareness Training program is to empower employees to be proactive and aware of cybersecurity threats. The process starts with the training of new employees, and it is an important opportunity to instill a security mindset into all roles early on. The course includes cybersecurity and privacy knowledge tests as users progress through the training. Cyber Security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. The training is designed to protect and preserve the confidentiality, integrity, and availability of information owned by or in the care of the corporation.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00101
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn How to Protect Information
  • Understand the Key Security Terms
  • Learn about Insider Risk
  • Learn about Personally Identifiable Information and Protected Health Information
  • Learn about Physical Security, Facility Security and Clean Desk Policies
  • Learn about Social Engineering and Phishing
  • Learn about Acceptable Personal Use of Corporate Property and Email
  • Learn about Malicious Software and Incident Reporting
  • Learn about User Id and Password Protection
  • Understand Your Responsibility as a User

Information Security Management System (ISMS) Part I

Objective

Incident management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents with the objective to ensure smooth business operations with minimal to no downtime. 

The IM programs are designed to train the employees and professionals to develop a better understanding of incidents and how they impact businesses. The program is in three parts. IM Part I is for all employees to help them understand their roles and how quickly an incident can escalate to become a major issue if not managed properly. The employees will learn key concepts, understand different terminologies, etc. The course is designed to ensure employees understand the importance of acting quickly and to make sure they are aware of the basic requirements. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00304
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Brief about Incident and Incident Management (IM) 
  • Incident Management Objectives
  • What is a Security Incident Management?
  • Incident, Problem, and Service Request
  • Incident Management Key Concepts
  • Incident Management Process and ITIL
  • Incident Management Process Workflow Examples
  • Incident Management Process 
  • Incident Management Process Steps Discussed in Detail

Information Security Management System (ISMS) Part II

Objective

Incident Management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents to ensure smooth business operations with minimal to no downtime. 

Part II of the course will enhance your understanding of the incident management process. It starts with identifying incidents, critical success factors, and key performance indicators specific to IM. You will also learn about the ITIL framework based IM Process Workflow.

The course is designed to ensure practitioners understand the importance of acting quickly and to make sure they are aware of the basic requirements. The course includes knowledge tests as users progress through the training. 
  • Course ID: CO00305
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about Incident and Incident Management (IM)
  • Understand Critical Success Factors (CSF) 
  • Understand Key Performance Indicators (KPI) Specific to Incident Management
  • Understand Other Process Interfacing with Incident Management
  • Learn about ITIL Framework Based Incident Management Process Workflow
  • Implementing Incident Management - Detailed Guidance

Information Technology General Controls (ITGC) COSO Framework Part II

Objective

Employees must understand the Sarbanes-Oxley Act (SOX), passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, companies need to implement systems that protect against data manipulation, provide the ability to track timelines, and can determine who had access to data and when. Section 409 mandates the timely disclosure of any information, and section 802 states the information technology team’s role in SOX compliance to preserve records. 

The course ITGC Part II is designed to ensure employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing correct security controls to ensure that financial data is accurate and protected against loss. You will learn about evaluating and auditing IT general controls.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00702
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about Information Technology General Controls (ITGCs) basics 
  • Study the IT and Risk Control Approach
  • Learn to evaluate IT General Controls
  • Learn about Auditing Security Administration Controls
  • Learn about Auditing Maintenance Controls
  • Learn about Auditing Computer Operations Controls
  • Learn about Auditing Systems Development Controls
  • Learn about Auditing Outsourced Services Controls
  • Study the Key Considerations for Effective SOX Testing

Information Technology General Controls (ITGC) Part I SOX

Objective

Employees must understand the Sarbanes-Oxley Act (SOX), passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, companies need to put in place systems that protect against data manipulation, provide the ability to track timelines, and determine who had access to data and when.

The course provides a detailed understanding of the COSO components, objectives, entity-level considerations, financial reporting assertions, the use of COBIT, ISO 27000, and ITIL for SOX compliance, and more. The course content is precise and to the point with a focus on knowledge application and practical considerations. The course ensures employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing proper security controls to ensure that financial data is accurate and protected against loss.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: CS00701
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Study the Sarbanes-Oxley Act (SOX)
  • Learn about the COSO framework and its relationship with SOX
  • Learn about SOX and Corporate Governance requirements
  • Study the internal controls
  • Understand the relevance of IT controls for SOX compliance
  • Understand the fundamentals of ITGC
  • Study the types of IT controls
  • Study the general IT process controls and controls testing

Malware Ransomware Awareness

Objective

The two most common ways that malware accesses your system are the Internet and email. Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems. There are many forms of malware, including viruses, exploits, adware, Trojans, worms, ransomware, and spyware. Just visiting a malicious website and viewing an infected page and/or banner ad can result in a drive-by malware download. All it takes is for one unsuspecting person to create an opening, and malware can infect an entire network.

The course is designed to educate employees to understand how malware can infect your device, how you can avoid malware, and what action you need to take when you get infected by malware.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00105
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • How do you get malware?
  • What malware is and why it is dangerous
  • Become familiar with different types of malware and how users can identify them
  • How can you tell if you have a malware infection?
  • Understand how most malware requires human action to infect a computer
  • How to protect against malware?
  • How people can avoid malware and what to do (and not to do) if this ever happens

National Institute of Standards and Technology Part I

Objective

National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to apply the principles of the NIST Cyber Security Framework (NIST CSF) to your organization.

A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00501
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about CSF fundamentals
  • Learn how to develop a risk-based cybersecurity framework
  • Understand the CSF framework core and design
  • In-depth knowledge on how to use functions, categories, and subcategories
  • Use of risk management principles, best practices, and methodologies
  • Understand the CSF implementation tiers and implementation
  • Learn about framework profile implementation
  • Learn about improving resiliency

National Institute of Standards and Technology Part II

Objective

National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to implement the principles of the NIST Cyber Security Framework (NIST CSF) in your organization. You will study informative references associated with functions and categories in greater detail.

A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00502
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about CSF fundamentals
  • Learn how to establish or improve your cybersecurity program
  • Understand the NIST CSF concept and how to implement with the help of case study
  • Understand the practical application of CSF framework’s core, design, functions, categories, and subcategories
  • Detailed knowledge of functions, categories, and subcategories along with informative references from COBIT, ISA, NIST SP 800-53, CIS CSC, ISO 27001, etc.

Payment Card Industry Awareness

Objective

PCI DSS is meant to protect cardholder (credit and debit) data to minimize or eliminate data breaches and other security incidents. Payment Card Industry (PCI) Awareness training is for employees working with organizations that must comply with the PCI Data Security Standard (PCI DSS) as well as anyone interested in learning more about PCI. Personnel responsible for PCI DSS compliance have specific training needs exceeding that which is typically provided by general security awareness training. In addition to the general awareness of information security, PCI training focuses on specific security topics, skills, processes, or methodologies that must be followed by the individuals to perform their compliance responsibilities effectively. PCI DSS requirement 12.6 states that organizations must implement a formal security awareness program. 

The awareness course is designed to help employees recognize and avoid everyday security threats while ensuring that sensitive payment card data is continuously secure. The course includes knowledge tests as users progress through the training. The further topics covered in this series of PCI training revolve around the essential elements of PCI DSS. These are basically the why, what, how, and who and consist of 12 essential requirements or elements.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CO00201
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Need for PCI DSS training
  • PCI data security
  • Relationship between PCI DSS and PA DSS
  • PCI DSS scope
  • PCI DSS requirement explained with examples
  • Control costs and gain tangible, real-world insights on best practices
  • Understand PCI compliance before going through an assessment
  • Apply PCI DSS security principles across business

Privileged Access Management (PAM) Part I

Objective

According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data. 

Part I of the PAM course provides an overview of privileges, how they are created, granted, etc., and the benefits of privileged access management. You will learn about privileged accounts, the types of privileged accounts, the privileged service accounts, and privilege related risks and challenges. The course enhances knowledge in the areas of privileged threat vectors (external and internal) and how hackers compromise the privileged accounts, and covers the privileged access management best practices.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: PA1
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Privileged Access Management Overview
  • Learn about privileges and how they are created, granted, etc.
  • Learn about privileged accounts
  • Understand the types of privileged accounts
  • Study the privileged service accounts
  • Learn about privilege related risks and challenges
  • Learn about privileged threat vectors – external and internal
  • Understand the benefits of privileged access management
  • Learn how hackers compromise the privileged accounts.
  • Study the privilege access management best practices

Privileged Access Management (PAM) Part II

Objective

According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data.

Part II of the PAM course contains thorough knowledge about the privileged account security controls, PAM solution partner considerations, how to baseline the PAM, and how to manage ongoing improvements. The course learnings include critical questions to answer when you start the PAM program, third-party PAM access requirements, insider threat considerations, and more. The course enhances your knowledge in protecting privileged accounts and privileged access management best practices.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: PA2
  • Duration: 0 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about privileges and how they are created, granted, etc.
  • Learn about the capabilities of PAM software.
  • Study the PAM security controls.
  • Learn about the PAM solution partner considerations.
  • Study the PAM baseline and ongoing improvements.
  • Study the considerations for selection of PAM.
  • Learn how to protect privileged accounts.

Problem Management Advanced Part II

Objective

The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents. The Problem Management Advanced course will enable you to design and implement a problem management process in your organization. 

The course will train you on establishing problem management process roles and responsibilities, step by step approach in implementing key processes, defining process inputs/outputs, and reporting. You will also learn about drivers/inputs that trigger the problem management process. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00602
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand basic concepts of problem management
  • Learn about the roles and responsibilities associated with the problem management process
  • Understand the input that triggers the problem management process
  • Planning for problem management process implementation and training
  • Understand the problem management process implementation guide (step by step approach)
  • Understand process inputs and outputs
  • Learn about problem management reporting
  • Understand the problem management checklist
  • Understand the activities and documentation

Problem Management Awareness Part I

Objective

The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents. 

The Problem Management Awareness course will enable you to gain and apply the skills and techniques to your own organization to establish problem management best practices. You will learn when and how to implement a problem control process, understand the workarounds, develop policy and procedures, and define critical success factors as well as key performance indicators. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00601
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Understand incident vs. problems
  • Understand quick fix and permanent problem resolution
  • Key definitions and basic concepts for problem management
  • Decide whether you need to implement problem control
  • Key process activities of the problem management process
  • Understand workarounds and solutions
  • Developing problem management policy
  • Learn about problem management process interfaces
  • Critical success factors and key performance indicators

Risk Assessment Awareness Part I

Objective

Risk management is the responsibility of all employees within an organization aiming towards building a risk-aware and responsible culture. Risk is defined as the potential for loss or damage when a threat exploits a vulnerability. Risk management is more complex today than ever. A gap in risk awareness across the three lines of defense creates disconnects and delays in handling the risk issues.

The course provides your employees with competence in risk management vital to protecting your institution and achieving compliance. The course provides in-depth knowledge of risk management concepts and fundamentals. The course improves risk awareness, promotes an open risk culture, and encourages the inclusion of risk in the decision-making process.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: RM00103
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Risk Identification – Learn to identify risk
  • Risk Assessment - How to assess risk?
  • Risk Analysis – How to analyze risk?
  • Controls – Learn to develop controls
  • Risk Treatment – How to treat risk?
  • Risk Management Elements – What are the risk management elements?
  • Risk Monitoring – How to monitor risk?
  • Risk Management Approach – Learn the process
  • Issue Management Remediation

Social Engineering & Phishing Advanced Part II

Objective

Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony websites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by impersonating a trustworthy entity in an electronic communication.

In Part II of Phishing Awareness, you will learn about different types of phishing attacks, techniques for discovering attacks, characteristics of phishing emails, etc., providing employees with very deep knowledge in responding to the growing amount of phishing emails. The course is designed for organizations that need to comply with regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially employees with exposure to private, financial, highly sensitive, and confidential data.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00104
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about Ten Different Types of Phishing Attacks
  • Understand the Characteristics of Phishing Emails
  • Understand Common Methods of Phishing Attacks
  • Learn about Escalation and Containment
  • Learn about Eradication and Rebuilding
  • Learn about Recovery and Aftermath

Social Engineering & Phishing Awareness Part I

Objective

Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony websites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by impersonating a trustworthy entity in an electronic communication.

In Phishing Awareness Part I, you will learn about social engineering attacks, types of attacks, attack techniques, and telltale signs of phishing attacks, providing employees with deep knowledge of social engineering attacks. The course is designed for organizations that need to comply with regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially employees with exposure to private, financial, highly sensitive, and confidential data.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00103
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about Social Engineering Attacks
  • Social engineering attack techniques
  • Steps in social engineering attack
  • Types of Social Engineering Attacks
  • Phishing attacks
  • Telltale signs of phishing attacks
  • Detection, Identification, and Tips to Keep You From Being Fooled
  • Spear Phishing
  • Detection telltale signs
  • Use cases and phishing attack detection exercises

System & Organization Controls (SOC) Part I

Objective

SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.

The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part I covers a basic understanding of SOC 1, SOC 2 and SOC 3; SOC 2 driving factors; the difference between Type I and Type II SOC; factors driving the audit scope; the foundation of the SOC report; and trust service principles.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00501
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Learn about the System and Organization Controls (SOC) - SOC 1, SOC 2 and SOC3
  • Understand the businesses that should think about SOC 2
  • Learn about the driving factors for SOC compliance
  • Learn how SOC 2 is different from SOC 1 and other compliance frameworks
  • Understand the difference between a Type I and Type II audit
  • Learn to decide the type of SOC report the organization needs to have
  • Learn about the factors driving the audit scope
  • Understand the foundation of SOC 1®, SOC 2®, and SOC 3® Reports
  • Learn about the SOC 2® and SOC 3® Trust Services Principles

System & Organization Controls (SOC) Part II

Objective

SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. Part II explains the SOC 2 audit requirements, who can perform the audit, and applying relevant SSAE 18 standards.

The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. You will learn about SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security, SOC for Supply Chain, and SOC 2 + Additional Subject Matter Reports as well as the scope and use of these reports. The study contains case studies for SOC for Cyber Security and SOC for the supply chain. You will learn about mapping Trust Service Criteria to other standards and frameworks.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00502
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • SOC evolution
  • Learn about SOC 2 audit and who can perform the audit
  • Learn how to apply relevant SSAE 18 AICPA Standards
  • SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security and SOC for Supply Chain Reports
  • Understand scope and use 
  • Learn about the purpose and relevant standards 
  • Learn about the subject matter and components of the report 
  • Understand the use case for SOC for Cyber Security and SOC for Supply Chain
  • Learn about SOC 2 + Additional Subject Matter Reports
  • Learn about the TSC Mapping to Standards and Frameworks

The Federal Financial Institutions Examination Council (FFIEC) Awareness Part I

Objective

The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness. The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience. 

The FFIEC Cybersecurity training ensures personnel has the necessary knowledge and skills to support security awareness and strengthen compliance. Also, management's behavior and priorities heavily influence employee awareness and policy compliance, so training and the commitment to security should start with management. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00406
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • What is FFIEC?
  • Learn about FFIEC Cybersecurity Priorities
  • Understand FFIEC CAT Inherent Risk Profile Assessment Categories
  • Understand FFIEC Risk Levels
  • Learn about Inherent Risk Categories and Ratings
  • Understand in detail the FFIEC CAT Maturity Assessment Categories
  • Domain 1: Cyber Risk Management and Oversight
  • Domain 2: Threat Intelligence and Collaboration
  • Domain 3: Cybersecurity Controls
  • Domain 4: External Dependency Management
  • Domain 5: Cyber Incident Management and Resilience
  • Domains, Assessment Factors, Components, and Declaration

The Federal Financial Institutions Examination Council (FFIEC) Part II

Objective

The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness. 

The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience. The FFIEC Cybersecurity Part II ensures personnel has the necessary knowledge and skills to implement FFIEC principles and perform maturity assessments with the help of a detailed case study. 

The course includes ready templates useful for assessments and reporting. Also, the course includes knowledge tests as users progress through the training.
  • Course ID: CO00407
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Role of internal audit in FFIEC risk and maturity
  • Understand FFIEC maturity levels
  • Learn how to interpret and analyze assessment results
  • Complete case study to provide in-depth understanding and application of principles
  • How to calculate risk for technology and connection type
  • How to create rating summary
  • Learn how to create an inherent risk profile
  • Understand cybersecurity maturity level calculation
  • Learn to document maturity results based on the maturity input
  • Learn to prepare target maturity and maturity result charts
  • Learn to prepare a chart of components
  • Learn to develop roles and responsibilities of the internal audit function
  • Learn to evaluate the cybersecurity maturity assessment

Vendor Risk Management Awareness Part I

Objective

The use of third-party services has become a valuable business practice in virtually every industry these days. By outsourcing services, corporations can reduce costs and allow management to sharpen their focus on core business activities. The use of outsourced services introduces an element of risk as vendors could have access to sensitive customer data, which elevates the cybersecurity threat or vendor services can directly impact corporate objectives. 

Vendor risk management (VRM) is a comprehensive plan for identifying and decreasing potential business uncertainties and legal liabilities. Increased regulatory focus on vendor management (for example, FFIEC, GLBA 501(b), etc.) has placed a greater burden on institutions to build a compliant program. The VRM course is in two parts. Part I provides knowledge of the fundamentals of vendor risk assessment, factors driving risk assessment, introduction to third-party risk management frameworks, etc.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: RM00101
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • What is vendor/third-party risk management (TPRM)?
  • What are third parties?
  • What are the common concerns of TPRM?
  • Why perform a third-party risk assessment?
  • What are the factors driving third-party risk assessment?
  • Why do I need a Third-party Risk Management Framework?
  • Why do I need a TPRM framework?

Vendor Risk Management Framework Development Part II

Objective

The use of third-party services has become a valuable business practice in virtually every industry these days. The use of outsourced services introduces an element of risk as vendors could have access to sensitive customer data, which elevates the cybersecurity threat or vendor services can directly impact corporate objectives.

The organization should formulate an explicit third-party risk management (TPRM) framework, including a clear definition of ownership and governance, standardized workflows, and articulation of risk appetite in respect of third parties, which aims at creating alignment among the internal stakeholders. The TPRM course is in two parts. Part II provides knowledge of the TPRM frameworks and how to build and implement a TPRM framework. The course includes knowledge tests as users progress through the training.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: RM00102
  • Duration: 0 mins
  • CPE: 1 HR
  • Course Type: e-Learning
Course Details

What you will learn?

  • Why do Organizations need a TPRM framework?
  • What are the third-party risk categories and common third-party risks?
  • What are the Best Practices for a TPRM Framework?
  • What are the TPRM Framework Considerations?
  • How to build a TPRM framework?
  • How to implement a TPRM framework?
Copyrights © 2020 All Rights Reserved by SecuRetain.