Security, Awareness, Training, and Education (SATE)

---

Security, Awareness, Training, and Education (SATE) is a comprehensive approach that educates users about the importance of cybersecurity and how to implement it in their daily activities.

• instructor-led or computer-based lessons during new employee onboarding
• best to repeat regularly

Security training provides users with the knowledge they need to protect the organization’s security.

Security awareness keeps the lessons learned during security training top of mind for employees.

• uses posters, emails, videos, etc.

Key Topics to Cover

• Passwords
  • 8 characters minimum
  • combination of upper case, lower case, numbers, and special characters
  • Passwords should not be written down
  • should not be shared
  • change passwords regularly
    • 60-90 days
  • passwords should not be reused
    • last 4 passwords
  • Account lockout policies should be used
    • Lockout after 3 failed user login attempts
  • Default passwords should be changed
    • new user default password expires after 1st use
• Social Engineering Training
  • trust but verify
• Network usage
  • discuss public/insecure networks
  • don’t allow foreign devices to connect to enterprise network
  • use guest networks
  • restrict usage of corporate resources on outside networks
  • Use VPNs
• Malware
• Personal equipment
• Clean desk policies
  • states that sensitive information shouldn’t be left unattended on a desk for any significant period of time
• Familiarity with policy and regulatory knowledge