Introduction
In today’s rapidly evolving digital world, computers have become an indispensable part of daily and professional life—from using email and managing files to interacting with government, financial, and healthcare systems. However, this massive technological expansion is accompanied by increasing cyber threats and attacks targeting personal information and sensitive data of individuals and organizations alike.
Since the "human element" is often the weakest link in the cybersecurity chain, it is vital to raise user awareness and equip them with essential digital security skills. This protects both individuals and their organizations from breaches, fraud, data theft, and malware. To address this need, the "Certified Secure Computer User (CSCU)" training program was developed as a comprehensive professional foundation for every user seeking to understand cybersecurity principles and apply secure computing practices.
General Objective
The CSCU program aims to empower trainees with fundamental cybersecurity knowledge and skills, enabling them to apply best practices for protecting their devices, data, and digital accounts. It enhances their ability to interact safely with computers, the internet, and email, thereby raising security awareness and mitigating cyber risks in both professional and daily environments.
Detailed Learning Objectives
By the end of the program, the trainee will be able to:
-
Understand the fundamentals of cybersecurity.
-
Apply account protection and password management practices.
-
Secure computer hardware and operating systems.
-
Detect and prevent malware.
-
Protect internet browsing and web browsers.
-
Enhance the security of email and digital communications.
-
Secure home and office networks.
-
Manage sensitive data and secure storage.
-
Counter social engineering and online fraud.
-
Implement incident response steps.
Training Modules
Day 1
-
Module 1: Introduction to Secure Computing
-
Concepts of Cybersecurity and Information Security.
-
Types of digital threats (Breaches, Spying, Data Theft, Sabotage).
-
The difference between InfoSec, Cybersecurity, and Network Security.
-
Risk classification: Low – Medium – High.
-
Activity: Analyzing a breach scenario and identifying vulnerabilities.
-
-
Module 2: Account and Password Protection
-
Strong password criteria (Length, Complexity, Periodic Rotation).
-
Multi-Factor Authentication (MFA).
-
Password Managers.
-
Practical Application: Creating strong passwords and enabling 2FA.
-
Day 2
-
Module 3: OS and Software Protection
-
System and software updates (Patching).
-
Security settings in Windows/macOS.
-
Firewall types and configurations.
-
User privilege management (Administrator vs. Standard User).
-
Practical Activity: Configuring Windows Security settings.
-
-
Module 4: Malware and Prevention
-
Types of malware: Viruses, Worms, Trojans, Ransomware, Spyware.
-
Infection vectors (How they enter the system).
-
The role of Antivirus software.
-
Analyzing Ransomware attack models.
-
Activity: Comparison of Antivirus solutions (Kaspersky, Bitdefender, Windows Defender).
-
Day 3
-
Module 5: Internet and Browser Security
-
Risks of insecure browsing.
-
Security certificates (HTTPS).
-
Malicious browser extensions.
-
Clearing cookies and temporary files.
-
Practical Application: Configuring Google Chrome security settings.
-
-
Module 6: Email Security
-
Phishing attacks.
-
Suspicious email indicators (Red Flags).
-
Malicious attachments and links.
-
Corporate email protection.
-
Activity: Analyzing training samples to identify malicious emails.
-
Day 4
-
Module 7: Network Security (Home & Office)
-
Securing Wireless Networks (Wi-Fi): WPA3, SSID, Firewall.
-
Secure Router configurations.
-
Risks of Public Wi-Fi.
-
Virtual Private Networks (VPN): When to use them?
-
Practical Application: Steps to secure a home router.
-
-
Module 8: Data Management and Secure Storage
-
Data classification (Public, Internal, Private, Confidential).
-
Encryption.
-
Backup strategies (The 3-2-1 Rule).
-
Secure Cloud Storage.
-
Activity: Designing a personal backup plan.
-
Day 5
-
Module 9: Social Engineering and Human Attacks
-
Attacker methods: Fraud, Impersonation, Fake Support, Malicious Links.
-
Famous social engineering attacks: Vishing, Smishing, Baiting, Tailgating.
-
Activity: Social Engineering Role-Play.
-
-
Module 10: Security Incident Response
-
Defining a security incident.
-
Response steps: Identification, Containment, Eradication, Recovery.
-
Internal organizational reporting.
-
Business Continuity and Disaster Recovery.
-
Practical Application: Building a simplified Incident Response plan.
-
Accreditation
-
Local Accreditation: Institute of Research and Consulting Studies at Bisha University – Mutqin for Professional Certificates.
-
International Accreditation: EC-Council (International Council of E-Commerce Consultants), USA.
Program Parameters
-
Language: Arabic, supported by technical English terminology.
-
Duration: 25 Training Hours.
-
Schedule: 5 Days.
-
Training Type: Online (Distance Learning).
Program Outcomes
-
Knowledge: Mastery of cybersecurity concepts, threat types, and common attack vectors.
-
Applied Skills: Ability to secure OS, browsers, and networks; manage MFA; perform backups; and execute incident response steps.
-
Attitudes: Commitment to safe computing practices, enhanced security self-awareness, and digital responsibility.
Target Audience
-
All computer users in government and private sectors.
-
New employees requiring security awareness training.
-
Students and tech enthusiasts.
-
Home users involved in e-commerce or online banking.
-
Customer service and technical support staff.
Program Features
-
Comprehensive content based on international standards.
-
Simplified and clear training approach for non-specialists.
-
Practical training and direct applications.
-
Focus on digital life skills and modern attack scenarios.
Exam Mechanism
-
Passing Score: Minimum 70%.
-
Format: 30–40 Multiple-Choice Questions (MCQ).
-
Language: English (Arabic also available).
-
Method: Online via PC or Laptop only.
-
Requirements: Camera and Microphone are mandatory.
