Cyber Security Awareness Training, Page 2 Reviews

make it shorter

I already can't remember half of it because it was too long but it needed to be that long for the amount of content?! So catch 22 really. Better bitesize maybe.At least there was a human talking to us during the training!

It would be great if, for renewals, you could offer a shorter course.

This training is outdated. For example, it recommends the use of a VPN to protect against "man in the middle attacks" (I assume this is a reference to ARP spoofing). Since the widespread adoption of HTTPS (and addons such as HTTPS Everywhere by the Electronic Frontier Foundation, which was retired in 2022 due to the near-ubiquity of HTTPS), the AES encryption provided by a VPN comes from HTTPS (among many other ciphers available at handshake).Another example gives the time to recover from a DoS attack as a few hours. As I understand, this varies depending on how the site is hosted. If hosted by a provider with sufficient bandwidth (e.g. many big-tech companies such as AWS and Google), then more bandwidth is made available server side so apart from costing the business more (assuming they are doing nothing to mitigate, such as using a CAPCHA (although not necessarily the original implementations from 20 years ago)), there's no negligible difference in legitimate user experience. If the website is self-hosted on dedicated hardware however, being overwhelmed by a DoS attack is a more serious affair.Regarding the writing-down of passwords, while the points made in the B-roll about not writing it on a post-it note stuck to a monitor is very sensible, if the threat profile makes meatspace attacks unlikely, securely storing hard copies of passwords is acceptable. NCSC (https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#tip4-password-collection "If a password manager is not suitable you should provide physical storage for recorded passwords such as a secure cabinet. You may also need secure storage for MFA tokens. This should be separate from the stored password.") even suggests this if password managers are unavailable (several companies prohibits users from installing software without admin privileges as a security measure, even if that is to install software like password managers to increase their security).In addition to the issues around the accuracy of your content (of which the above are but 3 examples), your insistence on not being able to skip videos (even to jump to a specific part of the video after watching it the first time) or do the assessment to check/demonstrate knowledge so a more appropriate course can be taken is infuriating. Your course reminds me of a stand-up comedy joke by Dara O Briain concerning NCT classes, an unhelpful course sharing dubious knowledge where attendance is not to learn anything but to serve a secondary purpose that makes the course necessary due to historical reasons. The constant fighting against the content (lack of jumping after first viewing, not being able to jump to the quiz, etc.) makes your whole platform feel like a straitjacket and it is most unpleasant. I have printed my certificate in a bid to prolong the amount of time before I ever have to do this again. Apologies for not keeping this to a paragraph (although it would then be a very long paragraph) What time I could have spent editing this down was consumed by your course.

Very difficult to stay in engaged as it was far too long and the 'dead pan' delivery just made me lose interest.

Very boring and a lot is common sense and identical to the mini courses we have been sent to complete.

No summary provided

i dont know what it is exactly, but this course is tiring, out of date, and not really relevant. it doesnt take into account that people already know and do stuff like this.

If I already know enough to pass the test, why make me wast 45minutes watching videos?

If you don't already know this, you shouldn't be using a computer.