
CyberSAFE

CertNexus® CyberSAFE® helps ensure that your end users can identify the common risks associated with using conventional end-user technology, as well as how to safely protect themselves and their organizations from security risks.




CyberSAFE Is Important to Virtually Any Job


Everyone in a company is responsible for its security, and anyone can put the organization at risk. CyberSAFE offers a solution by introducing team members and leaders, whether in technical positions or not, to some of the risks and pitfalls that they may face and shares how to best avoid and respond to them.






CyberSAFE Exam Details

The CyberSAFE™ assessment will certify that the successful candidate has the knowledge, skills, and abilities to identify the common risks associated with using digital technology and safely protect themselves and their organizations from security risks.



TARGET CANDIDATE

Non-technical end users within an organization that may use technology that places the organization’s critical information systems and data at risk.

EXAM CODES

CBS-410*


LAUNCH DATE

April 2022


SUNSET DATE

TBD


EXAM DURATION

20-40 minutes (on average)

PASSING SCORE

80%


NUMBER OF ITEMS

25


ITEM FORMATS

Multiple Choice/Multiple Response/True-False


EXAM OPTIONS

Online via the CHOICE LMS







Why Get CyberSAFE Certified?

Malicious actors can attack and infiltrate an organization through anyone. CyberSAFE discusses identifying the need for security and steps that can easily be taken to protect the organization.

SECURE DEVICES

Keeping systems safe from intrusion and attacks is critical. CyberSAFE reviews physical security, passwords, viruses and other malware, and using wireless devices securely.

USING THE INTERNET SECURELY

Team members learn to browse the web, send and receive email, use social media, and operate cloud devices securely.






CyberSAFE Training


CertNexus CyberSAFE training empowers team members at every level to protect devices and operate safely to protect their organization. It also prepares them to sit for the CyberSAFE exam and confirm their knowledge.







Course Details

1. Identify organizational security compliance requirements.

  • Types of organizational compliance requirements
    • Password policy
    • Internet usage policy
    • Data protection
    • Personally Identifiable Information (PII)
    • Personal Health Information (PHI)
    • Acceptable Use Policy (AUP)
      • On site vs. remote
      • Equipment
      • Shared resources (passwords, mailboxes, etc.)
      • Job function differentiation
    • Facility policies
      • Employee/visitor access
      • Badge requirements
      • Key policies
    • Ramifications of non-compliance

  • Types of legal compliance requirements
    • Regulation/law
      • HIPAA
      • SOX
      • GDPR
      • NISD
      • e-privacy directive
    • Legal consequences of non-compliance

  • Examples of industry compliance requirements
    • PCI DSS
    • ISO 27001
    • NIST

  • Organizational compliance resources
    • Handbooks/websites
    • AUP documentation
      • Updates
      • Location/access
    • Departments
      • Human Resources
      • Information Technology
      • Information Security
    • Incident reporting
  • Legal compliance resources
    • Government websites
    • Legal departments
    • Insurance providers
  • Industrial compliance resources
    • Industry associations/professional groups

  • Attack vectors (points of entry)
    • Username/password
    • Organizational/personnel information
    • Physical access
    • End-user personal information
    • Email
    • Mobile device
  • Attack goals
    • Data destruction
    • Data theft
    • Financial gain
    • Financial harm
    • Political gain
    • Reputation
    • Revenge
  • High-value targets
    • C-suite
    • Accounting personnel
    • HR personnel
    • IT personnel
  • Attack types
    • Whaling
    • Spear phishing
    • Vishing
    • Smishing
    • Pharming
    • Baiting
    • Pretexting
    • Impersonation (CEO Fraud)
    • Quid pro quo
    • Tailgating/piggybacking
    • Shoulder surfing

  • Resources to defend
    • Organizational hardware/devices
    • Organizational data
    • Network access
    • Premises access
    • User credentials
  • Mitigation Techniques
    • Situational awareness
    • Badging systems/security checks
    • Door locks
    • Verification of requests
    • Proper disposal/deletion of sensitive information
    • Continual education/training
    • Communication
    • Compliance audit

  • Organizational and personal devices containing potentially sensitive data
    • Laptops/computers
    • Mobile phones
    • Tablets
    • Removable storage
  • Organizational device-security requirements
    • Limiting the devices that have access to sensitive data
    • Credentials
    • Acceptable devices for data storage
    • Disposal/deletion requirements
  • Digital presence
    • Device logs
    • Temporary files
    • Browser history
    • Cached/saved credentials
    • IoT devices
    • Cloud storage
  • Device physical security techniques
    • Proper storage/disposal/recycling
    • Loss/theft reporting
    • Locking unattended machines/devices
    • BYOD controls
      • Remote wipe functionality
      • Location detection

  • Passwords/PINs
    • Frequent changing
    • Complexity
    • Prohibiting reuse/sharing
    • Memorization vs. recording/documenting
  • Biometrics
    • Fingerprint
    • Facial recognition
    • Retinal/iris scan
  • Authentication apps
  • Key fob
  • Tokens
  • Smart cards
  • Authentication best practices
    • Password managers
    • Covert entry (ensure nobody can watch you enter it)
    • Immediately change following breach/incident
    • Secure storage of passwords
    • Critical importance of protecting email passwords
    • Multi-Factor authentication use when possible
    • Complexity compared to sensitivity of data
    • Unique passwords for all sites and systems
    • Avoiding using easy-to-guess passwords

  • Data backups/storage locations
  • Mobile device considerations
    • Information leakage through always-on app functionality
    • Accidental or intentional recording of sensitive data
    • Camera
    • Microphone
  • Data security techniques
    • Alerts for access/deletion of data
    • Data classification
    • Prohibitions against copying/printing
    • Proper disposal of printed data
    • Prohibitions against removable storage devices
    • Prohibition against mobile devices in designated locations
    • Digital presence considerations
      • Device logs
      • Temporary files
      • Browser History
      • Cached/saved credentials
      • IoT devices
      • Cloud Storage

  • Malware effects
    • System corruption
    • Spying/logging
    • Distracting/annoying
    • Device performance degradation
    • Data hijacking/ransoming
    • Data destruction
    • Blackmail
    • Advertising
  • Malware types
    • Key logger
    • Ransomware
    • Adware/spyware
    • Trojan horse
    • Virus
    • Worm
    • Browser hijacker
  • Malware sources
    • Trick offers
    • Rogue antivirus
    • Free software scams
    • Software piggybacking
    • Confusing or obscured options (custom installations)
    • Unknown/untrusted download sites
    • Open Networks
    • Email attachments
    • Links
    • Scripts in data files/software
    • Advertising banners
    • Infected hardware
    • Thumb drives
    • External hard drives
  • Malware prevention techniques
    • Careful reading of emails/dialog boxes/offers/pop-ups/etc.
    • Malware prevention software
    • IT approval for software installation
    • Inspection of links before selecting
    • Benefit/risk analysis when installing software
    • General system behavior awareness
    • Use of only known vendors and devices
    • Verified publishers

  • Common wireless network risks
    • Eavesdropping
    • Unsecure networks
    • Private
    • Public
    • Open
    • Rogue access points
    • Evil twins
    • “Remembering” wireless networks
  • Secure wireless device use techniques
    • Public network use prohibitions
    • Encryption
      • WPA2/WPA3
      • Securing Wi-Fi passwords
    • Wireless network “forgetting”
    • Evil twin avoidance
      • Misspelled network names
      • Lack of password requirements when they are expected
      • Multiple networks with similar names

  • Well-known browsers
    • Chrome
    • Edge
    • Firefox
    • Safari
  • URL construction
    • HTTP vs. HTTPS
    • Non-encryption vs. encryption
    • Top level domains
    • Domain names
    • Suspicious/spoofed URLs
    • Close spellings/misspellings
  • Safe web browsing techniques
    • Current and updated web browser use
    • Deciphering web addresses
    • Shortened (Bitly)
    • Misspelled
    • Wrong top-level domain (.com v .net)
    • Redirect (changed URL)
    • Unknown add-in, plug-in, toolbar avoidance
    • Not clicking/tapping ads and pop-ups
    • Protocol verification
    • URL verification when using links
    • Typing vs. clicking
    • Bookmarking common sites
    • Caution when using mobile devices (URLs not always visible)

  • Common email use risks
    • Frequent social engineering attacks
    • Security concern alerts
    • Requests for user credentials
    • Malware removal/IT support offers
    • Free offers
    • Monetary/inheritance scams
    • Requests for information
    • Fake invoices from debt collectors
    • Fake credit card expiry notifications
    • Urgent requests from supervisor/executive level
  • Malicious attachments
    • High-risk file types
      • ZIP/Compressed files
      • .exe
      • JavaScript
    • Attachment policy/regulation compliance
  • Safe email use techniques
    • Imposter identification
    • Sender name vs. email address
    • Subject line topics
    • Tone/voice/grammar of sender
    • Signature lines
    • Unusual/atypical/urgency requests from seemingly valid sources
      • “Bank” asking for password in email
      • “IT” asking for personal info via email
    • Sender verification
    • Call back/meet in person before responding/clicking
    • Email use policy compliance
    • Attachment considerations
    • Approved third-party cloud storage (Dropbox, Box, etc.)
    • Password protected
    • Encrypted

  • Social network security considerations
    • Accidental sharing of sensitive information
    • Combined sources of data (multiple platforms, posts, replies, likes, etc.)
    • Disparaging/revealing comments
    • Representing yourself vs. the organization
    • Sensitive information
  • Lack of control over data and sharing
    • Confidentiality
    • Once posted, always online
    • Consent to data sharing
  • Ambiguous/lengthy confusing security settings
  • Opportunities for social engineering
  • Spoofed accounts
  • Hacked accounts
  • Strong authentication
    • Password
    • Multi-Factor Authentication (MFA)
  • Safe social networking techniques
  • Alignment with organizational social networking usage and policies
  • Thorough research and configuration of security and privacy settings
  • Caution with sharing any potentially sensitive or reputation-damaging information
  • Security of credentials
  • Social engineering awareness
    • Verify connections
    • Verification of content
      • Fact checking

  • Cloud service risks
    • Cloud service spoofing
    • Vendor changes
    • Acquisitions/mergers
    • Out of business
    • Mixing up work and private accounts (digital storage location)
    • Compromising credentials
    • Data persistence
  • IoT device considerations
    • Data collection
  • Safe cloud service use techniques
    • Organizational approval for all cloud-based storage
    • Local backups
    • Extra credential vigilance
    • Secure network connection

  • Connecting securely
    • VPN
    • Scanning for vulnerabilities (Health check)
  • Anti-Virus Software
  • Home Network Security
    • Password sharing
    • Updated router firmware
  • Separate professional and personal
    • Separate network
    • Devices
    • Data
    • Cloud storage
  • Remote Management / Managed device
  • Smart Home Devices
    • Access point for network entry
    • Shut down smart home devices
  • Collaboration platforms
  • Personal accounts vs. corporate accounts
    • Background
    • Recording
    • Authentication
    • Access to microphone/video
    • Sharing settings


Fees Structure : 22500 INR / 270 USD
Total No of Class : 157 Video Class
Class Duration : 62:30 Working Hours
Download Feature : Download Available
Technical Support : Call / Whatsapp : +91 8680961847
Working Hours : Monday to Friday 9 AM to 6 PM
Payment Mode : Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)


Fees Structure : 30500 INR / 365 USD
Class Duration : 60 Days
Class Recording : Live Class Recording available
Class Time : Monday to Friday 1.5 hours per day / Weekend 3 Hours per day
Technical Support : Call / Whatsapp : +91 8680961847
Working Hours : Monday to Friday 9 AM to 6 PM
Payment Mode : Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)
