1. Program Overview

This program is designed to equip professionals and organizations with critical awareness and skills to mitigate cybersecurity risks and uphold data privacy in an increasingly digital and interconnected environment. The program addresses the growing threats of cyberattacks, data breaches, ransomware, social engineering, and insider threats, with emphasis on building a culture of cybersecurity vigilance and regulatory compliance.

It also explores both technical and human dimensions of cybersecurity, including data protection laws, secure digital practices, emerging threats, and organizational resilience strategies.

2. Training Objectives

By the end of the program, trainees will be able to:

• Understand core concepts and types of cyber threats
• Identify potential vulnerabilities within their systems and practices
• Apply best practices in digital hygiene and data handling
• Recognize and respond appropriately to phishing and social engineering attacks
• Align with data protection regulations (e.g., Kenya Data Protection Act, GDPR)
• Build organizational cyber resilience and business continuity
• Promote a security-conscious culture within the workplace

3. Target Trainees

• ICT managers and system administrators
• Compliance and legal officers
• Data protection officers
• Human resource and operations personnel
• Frontline customer service staff
• Executives and board members
• General staff in public and private sectors

4. Main Discussion Items / Modules

• Module 1: Introduction to Cybersecurity
• Importance of cybersecurity in today’s world
• Common types of cyber threats and attack vectors
• Impact of cyber incidents on individuals and organizations
• Module 2: Human Factors and Social Engineering
• Phishing, vishing, smishing, and baiting
• Insider threats and behavioral risks
• How to identify and report suspicious activity
• Module 3: Data Protection and Privacy Compliance
• Overview of data protection regulations (Kenya DPA, GDPR, etc.)
• Principles of lawful data collection, processing, and storage
• Rights of data subjects and organizational obligations
• Preparing for data protection audits
• Module 4: Safe Use of Technology
• Email, internet, and password security
• Mobile device and remote work security
• Secure use of cloud platforms and collaboration tools
• Module 5: Incident Response and Reporting
• What to do in the event of a breach
• Reporting procedures and escalation paths
• Cybersecurity incident case studies
• Module 6: Organizational Cybersecurity Frameworks
• Cybersecurity policies and training protocols
• Roles and responsibilities in information security
• Risk assessment and mitigation strategies
• Cybersecurity culture building

5. Training Methodology

• Instructor-led sessions and interactive presentations
• Scenario-based learning and simulations
• Real-life case study reviews
• Quizzes and group exercises
• Policy review and gap identification
• Guided creation of a basic cyber hygiene checklist

6. Tasks

• Identify and report a simulated phishing email
• Evaluate your department’s data handling practices
• Draft a simple data protection checklist
• Review and comment on your organization’s ICT policy
• Conduct a mock cyber incident drill
• Map potential insider threat risks in your workflow