Red Sun Security Awareness Training

Red Sun CyberPhysical and Information Security Awareness Training is tailored for non-technical employees without prior knowledge of physical, information, and cyber security concepts. We provide short and discrete lessons that can be viewed in 10 or fewer minutes yet do not exist in isolation from one another. Spaced repetition of security concepts throughout the course will ensure that students with minimal prior security training can learn and retain each module’s most vital lessons while still progressing toward new material. The course covers information security and cybersecurity principles in both physical and virtual spaces.

Figure 1-1: Information Security and Cybersecurity cover multiple areas and include both the control of information and governance of systems

Security Awareness Mindset

Red Sun CyberPhysical and Information Security Awareness Training for Non-Technical Employees focuses on enhancing employees’ awareness and practice of security best practices. Our approach is to first help students understand the context of the current information security environment and what it means to be secure and compliant in today’s environment. Our course trains students to understand awareness through combat-proven security baselining and awareness methodologies and operational security best practices used by military personnel. Our model incorporates Combat-Hunter, OODA Loop, and Cooper Color Code awareness techniques.

Figure 1-2: Our security awareness mindset combines several techniques to help employees and security personnel understand threat models, identify bad behavior, and report it.

Purpose > Standard > Process Model

Once students have a baseline for information security compliance and practice, they can be educated on specific threats. In each module, training provides students with information on threat vectors so they can better recognize security threats. The program focuses on a three-step process for training employees. This methodology is simple and concise, helping employees visualize security goals, understand threats, and mitigate and/or report those threats to appropriate individuals.

Define a Security Goal (Purpose): What is the specific threat? What does information security compliance success for employees look like?

Define a Success Method (Standard): What are normal threat vectors? How can an employee be successful in achieving the security goal?

Define Risk, a Mitigation Process and Map to Compliance Standard (Process): What are the second- and third-order effects if employee efforts fail? What is the specific compliance requirement according to state and federal law?

Security Readiness Reporting

At Red Sun, security is a holistic concept, and it is our intention that students benefit from security awareness training not only in their workplaces, but also in their private lives. Our course will train students to detect threats to their security in multiple domains, including the 15 topics outlined in this RFP, as well as in novel situations. In today’s fast-changing threat environment, it is essential for students to be able to apply generalized concepts to novel situations in a reliable manner.

Figure 1-3: Example of Security Readiness Objectives Completion Table

Our course teaches students to develop successful security habits and shows their application in a variety of situations. Though new threat environments and situations are discussed during lessons, vital concepts in security are elucidated multiple times. This “spaced repetition” of security concepts throughout the course will ensure that students with minimal prior security training can learn and retain each module’s most important lessons while avoiding boring rereading that may allow some students to lose focus while viewing lesson modules.