Understanding ISAT (Internet Security Awareness Training)



ISAT is pronounced "Eye sat", and stands for Internet Security Awareness Training. It's our bread and butter here at KnowBe4.com, so it's something we like to communicate about regularly, clearly, and concisely. Simply put, ISAT is a form of training that seeks to equip members of an organization with the information they need to protect themselves and their organization's assets from loss or harm. For the purposes of any ISAT discussion, members of an organization include employees, temps, contractors, and anybody else who performs authorized functions online for an organization.

Organizations that must comply with regulations such as PCI (Payment Card Initiative), HIPAA (Health Insurance Portability and Accountability Act of 1996), the Sarbanes-Oxley reporting requirement, and more, usually deliver ISAT to all employees once or perhaps twice a year. Even though Small and Medium Enterprises may not require ISAT for compliance reasons, they can also benefit from training their employees to avoid cyberheists through phishing attacks, account takeovers, or other well-known means that cybercriminals use to misappropriate company funds.

Normally, ISAT covers the following topic areas in some form or fashion, either in an instructor-led classroom session or through self-paced training materials delivered online:
    • How to protect sensitive information and data on computer systems, through password policy, encryption, secure sessions, and more
    • Discussion and information about prevalent security threats and concerns on the Internet, including phishing, malware, social engineering, and current threats and attack techniques
    • A review of basic principles of safe computing: don't click links in e-mail, on Web pages, in Tweets, or on social networking posts; always access online banking and financial accounts on your own initiative; never disclose passwords, account details, or other sensitive information via e-mail or in response to e-mail requests; and so forth
    • Explanation of what can go wrong if important data is not properly protected, including potential job termination, financial damages to the organization, damage to firms or individuals subject to unwanted or unauthorized disclosure of private records, plus possible civil and criminal penalties

Ultimately, security awareness means understanding that bad guys are out there on the Internet, constantly seeking ways to steal information and money from organizations, either by obtaining it through trickery from employees (social engineering) or through stealth technology (malware, especially Trojans and keyloggers) from their computers. ISAT seeks to raise awareness and to change employee attitudes toward Internet security, so they perceive it as a vital and important part of their organization's defenses against attack, theft, and loss.