Aug 18 2020

Privacy eLearning – Staff InfoSec & Compliance Awareness

Privacy eLearning & Staff Awareness

  • Access staff awareness e-learning programs and train staff on best practice processes
  • Ensure staff can spot and respond to cybersecurity and privacy risks
  • Comply with data protection and information security legislation and standards
  • Test learner knowledge to prove compliance for auditing purposes
  • Train staff under one, manageable contract with these cost-effective annual licenses
  • Developed by industry experts our programs are updated every three months to ensure the content remains relevant
  • Gain access to any new content ITG release throughout your year-long contract
  • Customize the courses by adding links to company documents, policies, and procedures
  • Fast deployment with instant access to all of the courses
  • Reinforce awareness with monthly security updates, which include the latest news and tips

1) Complete Staff Awareness E-learning Suite
Complete Staff Awareness E-learning Suite

2) GDPR Challenge E-learning Game
This short and punchy ten-minute game will test your employees’ knowledge on real-life GDPR-relevant scenarios across different industries.

3) GDPR Staff Awareness E-learning Course
GDPR Staff Awareness eLearning Course

4) GDPR: Email Misuse Staff Awareness E-Learning Course
GDPR: Email Misuse Staff Awareness E-Learning Course

5) Information Security & ISO 27001 Staff Awareness E-Learning Course
ITG eLearning Course: Information Security & ISO27001 Staff Awareness

6) PCI DSS Staff Awareness E-Learning Course
PCI DSS Online Staff Awareness eLearning Course

7) Information Security Staff Awareness E-Learning Course
Information Security | eLearning Course

8) Phishing Staff Awareness E-Learning Course
Phishing Staff Awareness E-Learning Course

9) Data Protection Awareness Posters
Data Protection Awareness Posters

10) Phishing Awareness Posters
Phishing Awareness Posters

11) The ISMS Card Game
The ISMS Card Game

Tags: GRC eLearning, information security awareness, InfoSec eLearning, security awareness training

Apr 25 2019

Computer security training courses

Category: Security Awareness,Security Tools,Security trainingDISC @ 11:18 am

Computer security training courses – Online cyber security courses

Build your cyber security awareness and InfoSec career to keep your cyber security skills relevant. Learn how to protect your information assets against today’s cyber threats with best online cyber security training courses.


DISC InfoSec cyber security training curriculum includes specialized InfoSec training and general cyber security courses for all levels.


Security Penetration Testing (The Art of Hacking Series) LiveLessons

Security Penetration Testing (The Art of Hacking Series) LiveLessons

Linux Security and Hardening, The Practical Security Guide

Linux Security and Hardening, The Practical Security Guide

CISSP LiveLessons

CISSP LiveLessons

Red Hat Certified Engineer (RHCE) with Virtual Machines LiveLessons

Red Hat Certified Engineer (RHCE) with Virtual Machines LiveLessons, 2nd Edition

Fundamentals of nerc cip

Fundamentals of nerc cip

Cyber Security – Online Scams & How to Avoid Them

Cyber Security - Online Scams & How to Avoid Them

Disaster Recovery and Risk Management

Disaster Recovery and Risk Management



Penetration Testing

Kali Linux






Identity Theft

Powershell Security

Programming Courses

Security Risk Management

Planning a Security Incident Respose

AWS Security

Azure Security

Network Security

Wireless Security

RedHat Security

InfoSec eLearning

Social Engineering

Essentials of CyberSecurity

Azure Security & Compliance

Cyber Security Training Courses

Security Disaster Recovery

Cloud Security Computing 



 Subscribe in a reader

Tags: Chief security officer, information security awareness, information security guide, security awareness training

Nov 19 2009

Health Net healthcare data breach affects1.5 million

Category: hipaa,Security BreachDISC @ 2:10 pm

Health Net, Inc.
Image via Wikipedia

Here we have another unnecessary major security breach in a large healthcare organization which resulted in a loss of patient data demonstrating poor baseline security. They clearly are not ready for the new HIPAA provision ARRA and HITECH. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.

Contact DISC for any question or high level risk assessment.

The Practical Guide to HIPAA Privacy and Security Compliance

By Robert Westervelt, News Editor
19 Nov 2009 |

Health Net Inc. announced Wednesday that it is investigating a healthcare data security breach that resulted in the loss of patient data, affecting 1.5 million customers.

The Woodland Hills, Calif.-based managed healthcare provider said the lost files, a mixture of medical data, Social Security numbers and other personally identifiable information, were collected over the past seven years and contained on a portable external hard drive, which was lost six months ago. The company said the healthcare data was not encrypted, but was formatted as images and required a specific software application to be viewed. The hard drive contained data on 446,000 Connecticut patients.

The company reported the breach Wednesday to State Attorneys Generals offices in Arizona, Connecticut, New Jersey and New York. Health Net said it was beginning the data security breach notification process of sending out letters to its customers. The company said it expects to send notification letters the week of Nov. 30.

Connecticut Attorney General Richard Blumenthal said he was investigating the matter and why it took Health Net six months to report the healthcare breach.

“My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long,” Blumenthal said in a statement. “The company’s failure to safeguard such sensitive information and inform consumers of its loss — leaving them naked to identity theft — may have violated state and federal laws.”

Blumenthal said the hard drive also contained financial data, including bank account numbers. He is seeking coverage for comprehensive, long-term identity theft protection for those customers affected by the breach.

Health Net provides medical coverage for approximately 6.6 million people and its subsidiaries operate in all 50 states. In a statement, the company said the breach took place in its Connecticut office. So far there have not been any reports of fraud tied to the missing data..

“Health Net will provide credit monitoring for over two years – free of charge – to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service,” the company said.

It is the second time in a month that a healthcare provider lost customer data. Anthem Blue Cross and Blue Shield of Connecticut reported a stolen laptop was to blame for a breach compromising the personal information of 850,000 doctors, therapists and other healthcare professionals.

Security experts have long been advocating that enterprises deploy encryption on laptops and other devices that contain sensitive data. Still, all the technology in the world won’t end employee mistakes and carelessness, said Mike Rothman an analyst with Security Incite.

“You can do full disk encryption and all sorts of things to protect the device, but you are still fairly constrained by user sophistication,” Rothman said. “You have to start asking questions from a process standpoint relative to why this stuff was on an external drive in the first place.”

In reality you could turn off all USB ports on your devices, but that could hinder employee productivity, Rothman said. Security always gets back to making sure you have the right processes and policies in place and the right training and awareness so that employees understand what those policies are and ways to audit those processes, he said.

Experts say encryption should be used as a last resort when all other security policies and processes fail. While many enterprises have focused on encrypting laptops at the endpoint, encryption can be a bit trickier for portable hard drives and other removable media. If the drive is being shared between different systems people need to have some way to access the key, said Ramon Krikken, an analyst at the Burton Group.

“A lot of these portable hard drives are older without built-in encryption and to the extent to which you can easily deploy encryption has been a challenge for enterprises,” Krikken said.

Some USB makers market the devices with built-in encryption software. In 2008, Seate Technology extended full disk encryption technology to all its enterprise-class hard drives. The company also began pushing for standards for hard drive encryption in storage systems.

Nagraj Seshadri, head of product marketing at Utimaco the encryption software division of Sophos Plc, said healthcare organizations need to be just as responsible as financial firms when it comes to protecting data.

Perhaps healthcare management still doesn’t realize that they might be potentially liable for lack of reasonable safeguards to protect organization assets. Do you think it’s time for healthcare management to take information security seriously as a potential business risk?

Reblog this post [with Zemanta]

Tags: arra and hitech, data loss prevention, data security, disk encryption and file encryption, Health care, Health Insurance Portability and Accountability Act, Identity Theft, identity theft and data security breaches, Personally identifiable information, Security, security awareness training