A mandatory programme developed to give all UN staff and authorized ICT users the fundamental tools and knowledge to stay cyber safe. Users take the computer-based course individually.Staff can access this mandatory online course through their Inspira accounts. Every staff member has to complete the mandatory course online.
Note: Please search for "information security".
The course consists of three modules:
LMS-1834 - Information Security Awareness - Foundational (1.5 hrs)
LMS-1837 - Information Security Awareness - Advanced (45 minutes)
LMS-1832 - Information Security Awareness - Additional (35 minutes)
All UN ICT users including staff and other authorized users of ICT resources as per the ST/SGB/2004/15 are required to take the Foundational training (LMS-1834), followed by a 20 question assessment, (LMS-1835) Information Security Awareness - Foundational Assessment (10 minutes).
On completion of the required Foundational training and successful completion of the test, participants will earn an Information Security Awareness accreditation. A printable certificate will also be available upon completion of the course.
Information Security Awareness - Foundational (LMS-1834)
This course provides Information Security Awareness Training covering seven (7) 'Foundational' subjects. The course is mandatory for all UN ICT users and an assessment must be taken following completion of the course.
Module 1 - Introduction to Information Security (20 minutes).
Keypoints:
- With the growth of the digital age, the practice of information has grown, and security issues have become a bigger risk.
- The goal of information security is to improve both your own security and the security of the organization, as well as reducing risk.
- The two primary policies that you need to be aware of are: ST/SGB/2004/15 & ST/SGB/2007/6
- It is your responsibility to protect the UN’s information from unauthorized access, modification, destruction and disclosure.
Module 2 - Protecting Sensitive Information (20 minutes).
At the end of this module, you will be able to:
- Analyze what sensitive data protection is and why it matters, and how it applies at the UN
- Discuss the key threats to UN sensitive data
- Classify UN sensitive data according to:
o UN Information Sensitivity Toolkit
Module 3 - Social Engineering (10 minutes).
At the end of this module, you will be able to:
- Understand social engineering and its associated threats
- Identify common social engineering methods and tactics
- Recognize attacks and scams used in social engineering
- Mitigate the risks associated with social engineering
Module 4 - Password Selection & Usage (10 minutes).
At the end of this module, you will be able to:
- Define the key characteristics of strong passwords
- Determine how to create a strong password
- Understand the common mistakes in password creation
- Explore best practices for password security
Module 5 - Electronic Messaging and Phishing (10 minutes).
At the end of this module, you will be able to:
- Analyze the growing threat of phishing
- List some of the risks associated with electronic messaging
- Discover warning signs – such as fraudulent URLs and malicious attachments
- Review best practices – such as use of protected messages and safe deletion of information
IMPORTANT: Please note that the procedure in use at UNOG to report SPAM messages is different from the one described in the training. Please refer to this document for more information.
Module 6 - Accessing Information on the Internet (10 minutes).
At the end of this module, you will be able to:
- Assess the importance of safely browsing the internet
- Determine the potential dangers of browsers, URL’s and websites
- Query your responsibilities in relation to safe browsing
Module 7 - Responding to Incidents (15 minutes).
At the end of this module, you will be able to:
- Understand what an information security event or incident is
- Interpret how to identify an information security event
- Know what your first response should be if you suspect an event or incident
- Interpret how to report a security incident/event
Information Security Awareness – Foundational Assessment (LMS-1835)
This module contains a 20 question mandatory assessment for all UN ICT users and must be taken following completion the Information Security Awareness 'Foundational' training.
It will last about 10 minutes.
Information Security Awareness - Advanced (LMS-1837)
This course provides Information Security Awareness Training covering four (4) 'Advanced' subjects, which may be beneficial, but are not manditory for UN ICT users.
Module 8 - Cybercrime and Target Identification (25 minutes).
At the end of this module, you will be able to:
- Evaluate cybercrime
- Identify what a cybercriminal looks like
- Assess cybercrime threats (Internal & External)
- Review the evolution of attacks (How things are changing)
- Recognize the need for vigilance (What to look out for)
Module 9 - Mobile Devices and Wireless Networks (10 minutes).
At the end of this module, you will be able to:
- Analyze the risks associated with mobile devices
- Determine how to use mobile devices securely
- Assess the risks of publicly accessible wireless networks
- Examine how to use mobile devices and wireless networks securely
Module 10 - Data Destruction (5 minutes).
At the end of this module, you will be able to:
- Distinguish the key concepts regarding data destruction
- Identify ineffective destruction attempts
- Catalogue what you can do to securely destroy information
Module 11 - Encryption (5 minutes).
At the end of this module, you will be able to:
- Define what Encryption is and when it is necessary
- Discuss how to use Encryption – Encryption techniques and methods
Information Security Awareness – Additional (LMS-1832)
This course provides Information Security Awareness Training covering three (3) 'Additional' subjects, which may be beneficial, but are not mandatory for UN ICT users.
Module 12 - Social Networking and Personal Privacy (15 minutes).
At the end of this module, you will be able to:
- Assess the risks and dangers involved in social networking and how this could affect your UN work and your personal privacy
- Describe the best practices for safe social networking and the UN guidelines for its use
- Analyze how social media can be used for phishing
Module 13 - Protecting Children Online and Security within the Home (10 minutes).
At the end of this module, you will be able to:
- Assess how to maintain IT safety within the home
- Discover if your home IT infrastructure has a basic level of security, and if not, how to address the gaps
- Determine how to ensure that your children are safe online and are protected from inappropriate content
Module 14 - Security of Your Data in the Cloud (10 minutes).
At the end of this module, you will be able to:
- Describe what cloud computing actually is
- Determine how you might use cloud computing and services hosted “in the cloud” for your work
- Determine concerns related to cloud security and your work at the UN
- Examine the important elements which must be considered when dealing with cloud computing