Information Security

SANS Training Modules

SANS Training Modules
Module Number
Module Name
01You Are the ShieldThis introduction explains how each person plays an important role in protecting your organization and how they are an information gatekeeper. In addition, we introduce the concept of creating a strong cyber shield and how this training will enable them to take control of and protect their cyber activities, both at home and at work.01:05
02Social EngineeringSocial engineering is one of the most common types of cyber security attacks. This updated module explains what social engineering is, provides two different examples to demonstrate these types of attacks, and shows how people can detect and defend against them. As social engineering can take on any form, including phone calls, emails, text messages, social media, or in person, the module lays the foundation for what to do in the event of an attack.  03:11
03Email, Phishing, and MessagingPhishing is a cyber security attack that can be used to target many people at once or a small group, which is known as spear phishing. This updated module explains what generic and spear phishing are and how they work by using real-world email and text messaging examples. The module also reviews the warning signs of phishing and how employees can spot and stop such attacks. 04:21
04Browsing SafelyBrowsers are the primary tool people use to access the Internet. As a result, browsers and their plugins are a common target for attackers. In this module, employees learn how to browse safely, including keeping the browser and plugins updated, using HTTPS, and scanning what they download.02:16
05Social NetworksSocial networking sites are a primary communication tool where people freely share information. We provide examples of the risks of sharing information online and steps that employees can take to prevent identity theft, spreading malware, scams, and targeted attacks.02:15
06Mobile Device SecurityMobile devices today have the same functionality, complexity, and risks as a computer, but with the additional risk of being highly mobile and easy to lose. Employees learn how to keep their mobile devices safe and secure, to include keeping them physically secure, using strong passcodes, and keeping the devices updated.02:51
07PasswordsStrong passwords and their safe use are some of the most effective ways to keep online accounts and information safe. This updated module explains why passwords are important, how to create a strong password using passphrases, and how two-step verification, combined with a password, increases security. The module also reviews safe password use behaviors, such as not sharing passwords, having a unique password for each account, and why using public computers for email, work accounts, and financial information is not safe.03:28
08EncryptionEncryption is a security control that protects the confidentiality and integrity of information. This updated module explains what encryption is and how an encryption key works to encrypt and decrypt information.02:00
09Data Security Safe data handling practices are critical at each step of accessing, sharing, transmitting, retaining, and destroying data. This updated module explains why it is important to only use authorized systems and only allow authorized personnel access to data. The module also describes ways to securely store or process sensitive information, restrictions on transferring or sharing information, ways to manage data retention, and how to destroy data securely. Note: this module is required for most of the compliance videos.06:23
10Data DestructionMany employees mistakenly believe that when they delete data it is gone for good. They are unaware that it can be easily retrieved from almost any device. We explain the concept of securely wiping data, why it is important to do so and why you should not simply delete confidential data.01:47
11Wifi SecurityOne of the most common ways employees connect to the Internet is through wireless connectivity, usually Wi-Fi. This module discusses the risks of public Wi-Fi and the steps that employees can take to protect themselves. In addition, we cover why only authorized Wi-Fi access points with prior management approval can be deployed within your organization.02:12
12Working RemotelyFor many organizations, employees no longer work at the office. Instead, they work from home or on the road while traveling. Since organizations no longer have physical control of people's work environment, there are unique risks. This module focuses on how these employees can protect themselves, including laptop security and creating a secure, mobile working environment.02:40
13Insider ThreatInsider threats are trusted employees, contractors, or third-party members who exploit their insider status and maliciously cause harm to an organization. This updated module explores new examples of insider threats, warning signs of an insider threat, and how to reduce the likelihood of an attack by using strong organizational security practices.03:32
14Help DeskThe help desk is often a targeted group within an organization. These people are trained to communicate with and assist a variety of strangers over the phone. As such, additional steps must be taken to both educate and protect these individuals.03:40
15Information Technology Staff (IT Staff)Your IT staff has privileged access to your critical systems, and it is very important that they are secure. We discuss how your IT staff can protect themselves and your organization, including proper use of privileged accounts, limiting the information they share, and how they can detect if a system is compromised.04:20
16Physical SecurityPhysical security is an important component of information security. We explain how attackers will attempt to trick and fool their way into restricted areas. We also discuss how employees can protect the physical security of your facilities, the importance of proper information disposal, and maintaining physical control of any devices while traveling.02:37
17Creating a Cyber Secure HomeEffective cyber security practices are important both at work and at home. This NEW module describes the steps that can be used at home to protect personal devices, Wi-Fi networks, and online accounts. It also covers the importance of information backups, such as Cloud services or external hard drives, in the event of an attack, theft, or loss of a device. Secure behaviors at work often start at home.03:29
18Protecting Your Home NetworkSecurity is not just an issue at work, but also at home.  In this module we cover steps people can take to protect their home networks,  including securing Wi-Fi Access Points and identifying all the devices they have connected to the Internet. If you build good security behaviors at home, people are more likely to follow them in your organization, as well.


19Protecting Your Kids OnlineOne of the greatest challenges of being a parent is giving your children the freedom to explore the Internet, while at the same time protecting them from many of its unique risks. We explain how parents can give their children freedom while protecting them online. This module helps motivate and engage employees in your overall awareness program.04:27
20HackedA security incident or compromise can occur even with security controls and security awareness training in place. This updated module focuses on the warning signs that can be used to identify and report an incident. Warning signs include, but are not limited to, suspicious software, unauthorized charges to SMS numbers, unexplained data or device battery usage, pop-up messages indicating malware, anti-virus alerts, and passwords no longer working. 02:25
21Senior LeadershipSenior leadership is often one of the most challenging groups to train due to their limited time and access. This module condenses all the key topics senior leadership needs to know into a single, high-impact training session.  04:31
22Payment Card Industry Data Security Standard (PCI DSS)If your organization stores, transmits, or processes any cardholder data, it is required to follow PCI DSS. This updated module can be used to comply with updated PCI DSS version 3.2 standards. This module is built on and requires people to watch the Data Security module first as part of compliance training.03:46
23Family Educational Rights and Privacy Act (FERPA)The Family Educational Rights and Privacy Act, also known as FERPA, is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. This module explains the rules and regulations all school faculty, staff, contractors, and student employees should follow when handing student information. This module is built on and requires people to watch the Data Security module first.04:33
24Health Insurance Portability and Accountability Act (HIPAA)This module explains what Protected Healthcare Information (PHI) is and covers the steps required to store, process, and use it. If your organization stores, transmits, or processes any PHI, it is required to follow this standard. This module is built on and requires people to watch the Data Security module first.  02:57
25Personally Identifiable Information (PII)This module explains what PII is and the extra steps employees must take to protect it and other types of confidential information. Examples include the use of encryption and personal email accounts, the sharing of sensitive information, using only authorized systems to store or process sensitive information, and securely disposing of sensitive data. This module is built on and requires people to watch the Data Security module first.03:13
26Criminal JusticeThe criminal justice and law enforcement communities have several unique requirements for the use and handling of information they collect in their daily jobs and activities. This module explains those requirements, including authorized and unauthorized information sharing, data access, and how to avoid unsafe behaviors.03:27
27Federal Tax InformationAny organization working with federal tax information is regulated by federal law and required to take specific steps to protect that data. This module explains what federal tax information is and details the steps that must be taken to protect data in order to keep your organization compliant.03:43
28Gramm-Leach-Bliley Act (GLBA) - EducationalThis module explains what GLBA is, what NPI (nonpublic personal information) is, and the steps that employees must take to protect it to ensure your organization remains compliant. The focus of the module includes both educational and financial examples. This module is built on and requires people to watch the Data Security module first.02:28
29Gramm-Leach-Bliley Act (GLBA)- FinancialThis module explains what GLBA is, what nonpublic personal information (NPI) is and the steps that individuals should take to protect it to ensure your organization remains compliant. This module is built on and requires people to watch the Data Security module first.01:50
30Red Flags RuleThe Red Flags Rule is a federal regulation that requires organizations to implement an Identity Theft Prevention program designed to detect the warning signs of identity theft. This module explains what these red flags are, what to look for, and the actions to be taken for data protection. 03:27
31EthicsEthics defines the socially accepted behaviors in your organization and culture. This module helps define those behaviors by explaining behavioral expectations. When confronted with cheating, stealing, lying, and other behaviors not to be tolerated, employees may need direction if they are uncertain over the right action to take. This module showcases how to maintain an ethical working environment.  02:59
32Targeted AttacksTargeted attacks, such as spear phishing and CEO Fraud, involve extensive research on the target before the attack is launched. This NEW module provides a real-world example of how a targeted attack works and how everyone in an organization can protect against them.&03:51
33Cloud ServicesCloud services enable data storage and sharing, potentially increasing employee productivity while reducing organizational costs. However, employees must understand that authorized use of Cloud services must occur safely and securely. This module explains these risks to employees and shows them how to safely use authorized Cloud providers in your organization.02:28
34International Traffic in Arms Regulations (ITAR)The U.S. government enforces a complex regime of export controls, trade sanctions, and other requirements to prevent certain items, including data, software, and technology, from going to unauthorized people, entities, and countries. This module covers guidelines on when ITAR applies to your organization and its research, along with the steps needed to protect it.05:31
35Data RetentionThis module explains what data retention is and what guidelines employees need to follow,
including the use of email and authorized data destruction. 
36Social Security NumbersA Social Security number is a person’s unique identifier that can be used by criminals for identity theft, fraud, gaining unauthorized access to medical records and creating general havoc for a person’s overall privacy. This module covers the steps every employee should take to protect SSNs. This module is built on and requires people to watch the Data Security module first.02:34
37Foreign Corrupt Practices Act (FCPA)The Foreign Corrupt Practices Act applies to any organization that does business in the U.S. or has stocks, bonds, or other securities traded in U.S. markets.   This module explains what FCPA is, why it's important, and the rules and processes that employees are expected to follow in order to be in compliance with it.03:45
38Federal Personally Identifiable Information (Federal PII)Any Personally Identifiable Information (PII) that comes from federal agencies is protected by federal law. This data has special and very specific policies on how it must be protected. This module explains what Federal PII is and the steps people need to take to protect it.03:37
39EU Data ProtectionThe European Union’s Data Protection Directive is concerned with any information that, either by itself or used with other pieces of information, could identify a living person. This module explains what EU protected data is and the EU guidelines on how it should be collected, handled, protected, and disposed.03:45
40Client Confidentiality in Law OfficesThis module gives an overview of how client data is at risk in law firms, why lawyers need to protect it, and key steps they need to take to do so. This module is unique in that it uses terminology specific to the legal industry.02:48
41PrivacyThis module explains what privacy is, why it's important (including respecting the privacy of others), and steps people should take to protect it. This module does not apply to any specific law, regulation, or standard. Instead, it is an overview of privacy concepts and their importance.01:55
42Australian ComplianceThis module explains the mandatory policies in place for Australian Government departments and agencies to ensure official information is secure.04:18
43International TravelThis module explains the risk while traveling internationally and steps employees can take to protect themselves and their information.02:14
44MalwareMalware is software that is used to perform malicious actions. This NEW module explains what malware is and how it works, to include two examples: keyloggers and ransomware. The module also reviews misconceptions about malware, the importance of backups, and the need to report an infection as soon as it happens. 02:51
99ConclusionA short video wrapping up the training.00:34