Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Security+: authentication, authorization, and access control (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: authentication services (RADIUS, TACACS+, LDAP, etc.) (SY0-401) [decommissioned article ]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: Data Security Controls (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Pentester Academy Command Injection ISO: AjaXplorer 2.5.5 Exploitation

Introduction: The Pentester Academy has created a virtual machine that consists of various vulnerable real-world applications. These applications are vulnera
Read More
Article

Role Based Security Awareness Training: Training Those Who Don't Think They Need It

Introduction Security awareness training is essential for every person that has an email account and/or access to your company network. This can include ever
Read More
Article

Triton Malware Hits Critical Infrastructure in Saudi Arabia

Security experts at FireEye discovered a new piece of malware, tracked as Triton, that is specifically designed to target industrial control systems (ICS). T
Read More
Article

Top 10 Ways Your Healthcare Organization May be Violating HIPAA and Not Know It

HIPAA legislation was established by the US Federal Government in 1996. These are rules and standards designed to protect the security and privacy of patient
Read More
Article

Top 10 Ways to Make Sure Your BYOD Program Is Secure

BYOD implementation has become the new standard within enterprise organizations, and there's no sign of things slowing down. According to Cisco, 69% of IT de
Read More
Article

Phishing Attacks Targeting Young Adults

Everyone is susceptible to phishing, a social engineering technique that takes a variety of shapes and forms to target Internet users and extort valuable inf
Read More
Article

Disaster Recovery Types

Before understanding the various methodologies and techniques for disaster recovery, it is essential to know what the term "disaster recovery" means in the f
Read More
Article

Phishing Attacks in the Not-For-Profit Industry

Introduction Although the non-profit sector is not in the top phished industries of 2017, it is not as safe as one may think. The statistics from Privacy Rig
Read More
Article

Intellectual Property Crimes in the Dark Web

An Intellectual Property (IP) crime is committed every time someone uses an intellectual property right without the owner's authorization. According to the E
Read More
Article

The “poor man’s process migration” in Windows

In the various pentesting activities, there are many instances where you need to "migrate" a particular Windows working process, typically a shell. The follo
Read More
Article

DoD RMF and Security Risk Management Salaries in 2018

Introduction As technology continues to innovate and evolve, so do its security risks. A career in security risk management, therefore, involves continuous
Read More
Article

Security+: Common Incident Response Procedures (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: Risk Management Best Practices (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: Common Network Protocols and Services (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: Network Design Elements and Components (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Security+: Mitigating Security Risks in Static Environments (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Pentesting mobile applications with Burpsuite

Securing mobile applications is one of the most important issues today, especially with the continuing evolution of sophisticated cyber threats which are bec
Read More
Article

How IoT is Raising Cybersecurity Concerns

The world of information technology is moving towards a new trend called the Internet of Things, or IoT for short. Thus, there is a considerable drive to con
Read More
Article

10 crucial end user security tips

With the beginning of the 21st century, the importance of information and technology started growing, and in today's world, virtually no individual can stay
Read More
Article

Top 10 Cyber Security Predictions for 2018

A look at the 2017 predictions 2017 is ending, and it is time to check whether the cyber-security predictions we made last year were exact and we will try t
Read More
Article

Security+: Physical Security and Environmental Controls (SY0-401) [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More