Settings
Language
Color Theme
Responsible Administration
In this training, we'll learn how secure and responsible administration helps to protect sensitive data, safeguard critical systems, and mitigate security risks.
Defining Privileged Access
Privileged access refers to the elevated level of permissions and capabilities granted to certain users within an organization, allowing them to access, modify, or control critical systems, sensitive data, and administrative functions.
Is the following statement True or False:
Privileged users don't need to adhere to company policies or procedures
Being in a position of power, privileged users must adhere to the highest ethical standards. Their actions should always align with company policies, procedures, and legal requirements.
View Options Again
True
False
Risks & Challenges
Privileged accounts increase the potential attack surface of an organization, as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
What's a potential security impact of having too many privileged users?
Privileged accounts increase the potential attack surface of an organization as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
View Options Again
Administration activities will be easier to perform.
More administrators mean there are more individuals protecting the organization.
The organization will become more efficient.
There's an increased attack surface that cybercriminals may exploit.
Tips & Tricks
To stay safe and secure, privileged users should always use multi-factor authentication, use secure communication methods, and remain aware of phishing threats.
Use Multi-Factor Authentication
Use Secure Communication Protocols
Remain Aware of Phishing Threats
Multi-Factor Authentication (MFA) should be enabled for administrators on all services, applications, and websites they use. Ideally, access should be centralized and controlled through Single-Sign-On (SSO) to reduce the need to manage separate passwords.
Avoid using insecure communication methods like FTP or Telnet, where passwords are communicated in plaintext. Ensure any network communication is encrypted and the certificate used to facilitate the encryption is trusted. Also, avoid the use of untrusted public Wi-Fi networks, but if you must, connect to a VPN.
Administrators are considered a prime target for cybercriminals. Whenever you receive an email, SMS, or social media message, always ask yourself if the message is expected, if the sender's address appears legitimate and known, and whether the message is asking you to perform an action that seems suspicious (e.g., click on a link).
Practicing Least Privilege
Using least privilege helps to reduce the overall attack surface an organization faces.
Restricting user access
Implementing role-based access control
Regularly reviewing privileges
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
Is the following statement True or False:
When granting users access, it's best to give slightly more access than what is needed.
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
View Options Again
True
False
Is the following statement True or False:
Access permissions shouldn't be based on predefined roles and responsibilities.
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
View Options Again
True
False
Is the following statement True or False:
It's important to conduct periodic audits to evaluate and update user permissions.
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
View Options Again
True
False
Wrapping Up
Privileged users hold a position of trust, and with this trust comes responsibilities. As administrators, we must ensure we follow security best practices and organizational policies and administer them ethically.
Back
Next
Translation Correction
×
Select a translation to correct...
Begin the Guided Tour
[0, "Begin the Guided Tour", "Begin the Guided Tour"],
Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.
[1, "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.", "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action."],
Compose
[2, "Compose", "Compose"],
Folders
[3, "Folders", "Folders"],
Inbox
[4, "Inbox", "Inbox"],
Starred
[5, "Starred", "Starred"],
Draft
[6, "Draft", "Draft"],
Sent Mail
[7, "Sent Mail", "Sent Mail"],
Spam
[8, "Spam", "Spam"],
Trash
[9, "Trash", "Trash"],
[URGENT] Claim Your Work From Home Set-Up Payment
[10, "[URGENT] Claim Your Work From Home Set-Up Payment", "[URGENT] Claim Your Work From Home Set-Up Payment"],
Human Resources
[11, "Human Resources", "Human Resources"],
to
[12, "to", "to"],
Claim Your Work From Home Set-Up Payment
[13, "Claim Your Work From Home Set-Up Payment", "Claim Your Work From Home Set-Up Payment"],
Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of
[14, "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of", "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of"],
to ensure that you have a suitable home working set-up.
[15, "to ensure that you have a suitable home working set-up.", "to ensure that you have a suitable home working set-up."],
To receive the payment via payroll
[16, "To receive the payment via payroll", "To receive the payment via payroll"],
you will need to complete this
[17, "you will need to complete this", "you will need to complete this"],
acknowledgement form
[18, "acknowledgement form", "acknowledgement form"],
For more information on how to set up your home office space safely, please look at the
[19, "For more information on how to set up your home office space safely, please look at the", "For more information on how to set up your home office space safely, please look at the"],
Thank you
[20, "Thank you", "Thank you"],
The Human Resources Team
[21, "The Human Resources Team", "The Human Resources Team"],
This is an automatically generated email, please do not reply
[22, "This is an automatically generated email, please do not reply", "This is an automatically generated email, please do not reply"],
Is the following statement True or False
[23, "Is the following statement True or False", "Is the following statement True or False"],
View Options Again
[24, "View Options Again", "View Options Again"],
Email Subject: Urgent Action
[25, "Email Subject: Urgent Action", "Email Subject: Urgent Action"],
Phishing attacks are designed to put a
[26, "Phishing attacks are designed to put a", "Phishing attacks are designed to put a"],
time pressure on us to act fast
[27, "time pressure on us to act fast", "time pressure on us to act fast"],
This can cause us to skip much of the critical thinking we normally apply when browsing our emails
[28, "This can cause us to skip much of the critical thinking we normally apply when browsing our emails", "This can cause us to skip much of the critical thinking we normally apply when browsing our emails"],
Email Sender: Fradulent Address
[29, "Email Sender: Fradulent Address", "Email Sender: Fradulent Address"],
Email Sender: Fraudulent Address
[30, "Email Sender: Fraudulent Address", "Email Sender: Fraudulent Address"],
Attackers will often use
[31, "Attackers will often use", "Attackers will often use"],
obscure email addresses and use display names
[32, "obscure email addresses and use display names", "obscure email addresses and use display names"],
that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information
[33, "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information", "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information"],
Email Content: Engaging Topic
[34, "Email Content: Engaging Topic", "Email Content: Engaging Topic"],
Attackers often use a
[35, "Attackers often use a", "Attackers often use a"],
broad but important topic
[36, "broad but important topic", "broad but important topic"],
to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.
[37, "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.", "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes."],
Email Link: Phishing Website
[38, "Email Link: Phishing Website", "Email Link: Phishing Website"],
hovering over the link
[39, "hovering over the link", "hovering over the link"],
you'll see the true link location. Often this is enough to see the malicious intent.
[40, "you'll see the true link location. Often this is enough to see the malicious intent.", "you'll see the true link location. Often this is enough to see the malicious intent."],
Wrapping up
[41, "Wrapping up", "Wrapping up"],
If you
[42, "If you", "If you"],
spot anything suspicious
[43, "spot anything suspicious", "spot anything suspicious"],
with the email sender, subject, content, links or attachments
[44, "with the email sender, subject, content, links or attachments", "with the email sender, subject, content, links or attachments"],
Don't take the risk. Report the email to your IT or Security team for review.
[45, "Don't take the risk. Report the email to your IT or Security team for review.", "Don't take the risk. Report the email to your IT or Security team for review."],
Submit
[46, "Submit", "Submit"],
Next
[47, "Next", "Next"],
Back
[48, "Back", "Back"],
Malicious links will often appear with innocent looking text. By
[49, "Malicious links will often appear with innocent looking text. By", "Malicious links will often appear with innocent looking text. By"],
Correct!
[50, "Correct!", "Correct!"],
Incorrect
[51, "Incorrect", "Incorrect"],
True
[52, "True", "True"],
False
[53, "False", "False"],
Change language
[54, "Change language", "Change language"],
Current Language
[55, "Current Language", "Current Language"],
Use Browser Settings
[56, "Use Browser Settings", "Use Browser Settings"],
Select a language
[57, "Select a language", "Select a language"],
Change Language
[58, "Change Language", "Change Language"],
Please select a language
[59, "Please select a language", "Please select a language"],
Language
[60, "Language", "Language"],
Color Theme
[61, "Color Theme", "Color Theme"],
Color Theme And Background Selector
[62, "Color Theme And Background Selector", "Color Theme And Background Selector"],
Colorful Theme
[63, "Colorful Theme", "Colorful Theme"],
Select Theme
[64, "Select Theme", "Select Theme"],
Close
[65, "Close", "Close"],
Dark Theme
[66, "Dark Theme", "Dark Theme"],
Green Theme
[67, "Green Theme", "Green Theme"],
Purple Theme
[68, "Purple Theme", "Purple Theme"],
Light Theme
[69, "Light Theme", "Light Theme"],
Blue Theme
[70, "Blue Theme", "Blue Theme"],
Settings
[71, "Settings", "Settings"],
Theme Selected
[72, "Theme Selected", "Theme Selected"],
This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!
[73, "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!", "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!"],
Translation Correction
[74, "Translation Correction", "Translation Correction"],
Select a translation to correct...
[75, "Select a translation to correct...", "Select a translation to correct..."],
Original Text
[76, "Original Text", "Original Text"],
Correct Translation
[77, "Correct Translation", "Correct Translation"],
Translation to correct...
[78, "Translation to correct...", "Translation to correct..."],
Submissions are reviewed and applied within 48 hours.
[79, "Submissions are reviewed and applied within 48 hours.", "Submissions are reviewed and applied within 48 hours."],
Submit Correction
[80, "Submit Correction", "Submit Correction"],
Submission Successfully Sent
[81, "Submission Successfully Sent", "Submission Successfully Sent"],
Submission Error - Please Try Again
[82, "Submission Error - Please Try Again", "Submission Error - Please Try Again"],
Submission Sending...
[83, "Submission Sending...", "Submission Sending..."],
Mandatory Viewing
[84, "Mandatory Viewing", "Mandatory Viewing"],
Please watch the video from beginning to end before proceeding.
[85, "Please watch the video from beginning to end before proceeding.", "Please watch the video from beginning to end before proceeding."],
Ok
[86, "Ok", "Ok"],
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
[87, "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.", "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant."],
Privileged-User-Best-Practices
[88, "Privileged-User-Best-Practices", "Privileged-User-Best-Practices"],
Responsible Administration
[89, "Responsible Administration", "Responsible Administration"],
In this training, we'll learn how secure and responsible administration helps to protect sensitive data, safeguard critical systems, and mitigate security risks.
[90, "In this training, we'll learn how secure and responsible administration helps to protect sensitive data, safeguard critical systems, and mitigate security risks.", "In this training, we'll learn how secure and responsible administration helps to protect sensitive data, safeguard critical systems, and mitigate security risks."],
Defining Privileged Access
[91, "Defining Privileged Access", "Defining Privileged Access"],
Privileged access refers to the elevated level of permissions and capabilities granted to certain users within an organization, allowing them to access, modify, or control critical systems, sensitive data, and administrative functions.
[92, "Privileged access refers to the elevated level of permissions and capabilities granted to certain users within an organization, allowing them to access, modify, or control critical systems, sensitive data, and administrative functions.", "Privileged access refers to the elevated level of permissions and capabilities granted to certain users within an organization, allowing them to access, modify, or control critical systems, sensitive data, and administrative functions."],
Privileged users don't need to adhere to company policies or procedures
[93, "Privileged users don't need to adhere to company policies or procedures", "Privileged users don't need to adhere to company policies or procedures"],
Being in a position of power, privileged users must adhere to the highest ethical standards. Their actions should always align with company policies, procedures, and legal requirements.
[94, "Being in a position of power, privileged users must adhere to the highest ethical standards. Their actions should always align with company policies, procedures, and legal requirements.", "Being in a position of power, privileged users must adhere to the highest ethical standards. Their actions should always align with company policies, procedures, and legal requirements."],
Risks & Challenges
[95, "Risks & Challenges", "Risks & Challenges"],
Privileged accounts increase the potential attack surface of an organization, as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
[96, "Privileged accounts increase the potential attack surface of an organization, as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.", "Privileged accounts increase the potential attack surface of an organization, as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented."],
What's a potential security impact of having too many privileged users?
[97, "What's a potential security impact of having too many privileged users?", "What's a potential security impact of having too many privileged users?"],
There's an increased attack surface that cybercriminals may exploit.
[98, "There's an increased attack surface that cybercriminals may exploit.", "There's an increased attack surface that cybercriminals may exploit."],
Administration activities will be easier to perform.
[99, "Administration activities will be easier to perform.", "Administration activities will be easier to perform."],
The organization will become more efficient.
[100, "The organization will become more efficient.", "The organization will become more efficient."],
More administrators mean there are more individuals protecting the organization.
[101, "More administrators mean there are more individuals protecting the organization.", "More administrators mean there are more individuals protecting the organization."],
Privileged accounts increase the potential attack surface of an organization as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
[102, "Privileged accounts increase the potential attack surface of an organization as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.", "Privileged accounts increase the potential attack surface of an organization as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented."],
Tips & Tricks
[103, "Tips & Tricks", "Tips & Tricks"],
To stay safe and secure, privileged users should always use multi-factor authentication, use secure communication methods, and remain aware of phishing threats.
[104, "To stay safe and secure, privileged users should always use multi-factor authentication, use secure communication methods, and remain aware of phishing threats.", "To stay safe and secure, privileged users should always use multi-factor authentication, use secure communication methods, and remain aware of phishing threats."],
Use Multi-Factor Authentication
[105, "Use Multi-Factor Authentication", "Use Multi-Factor Authentication"],
Multi-Factor Authentication (MFA) should be enabled for administrators on all services, applications, and websites they use. Ideally, access should be centralized and controlled through Single-Sign-On (SSO) to reduce the need to manage separate passwords.
[106, "Multi-Factor Authentication (MFA) should be enabled for administrators on all services, applications, and websites they use. Ideally, access should be centralized and controlled through Single-Sign-On (SSO) to reduce the need to manage separate passwords.", "Multi-Factor Authentication (MFA) should be enabled for administrators on all services, applications, and websites they use. Ideally, access should be centralized and controlled through Single-Sign-On (SSO) to reduce the need to manage separate passwords."],
Use Secure Communication Protocols
[107, "Use Secure Communication Protocols", "Use Secure Communication Protocols"],
Avoid using insecure communication methods like FTP or Telnet, where passwords are communicated in plaintext. Ensure any network communication is encrypted and the certificate used to facilitate the encryption is trusted. Also, avoid the use of untrusted public Wi-Fi networks, but if you must, connect to a VPN.
[108, "Avoid using insecure communication methods like FTP or Telnet, where passwords are communicated in plaintext. Ensure any network communication is encrypted and the certificate used to facilitate the encryption is trusted. Also, avoid the use of untrusted public Wi-Fi networks, but if you must, connect to a VPN.", "Avoid using insecure communication methods like FTP or Telnet, where passwords are communicated in plaintext. Ensure any network communication is encrypted and the certificate used to facilitate the encryption is trusted. Also, avoid the use of untrusted public Wi-Fi networks, but if you must, connect to a VPN."],
Remain Aware of Phishing Threats
[109, "Remain Aware of Phishing Threats", "Remain Aware of Phishing Threats"],
Administrators are considered a prime target for cybercriminals. Whenever you receive an email, SMS, or social media message, always ask yourself if the message is expected, if the sender's address appears legitimate and known, and whether the message is asking you to perform an action that seems suspicious (e.g., click on a link).
[110, "Administrators are considered a prime target for cybercriminals. Whenever you receive an email, SMS, or social media message, always ask yourself if the message is expected, if the sender's address appears legitimate and known, and whether the message is asking you to perform an action that seems suspicious (e.g., click on a link).", "Administrators are considered a prime target for cybercriminals. Whenever you receive an email, SMS, or social media message, always ask yourself if the message is expected, if the sender's address appears legitimate and known, and whether the message is asking you to perform an action that seems suspicious (e.g., click on a link)."],
Practicing Least Privilege
[111, "Practicing Least Privilege", "Practicing Least Privilege"],
Using least privilege helps to reduce the overall attack surface an organization faces.
[112, "Using least privilege helps to reduce the overall attack surface an organization faces.", "Using least privilege helps to reduce the overall attack surface an organization faces."],
Restricting user access
[113, "Restricting user access", "Restricting user access"],
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
[114, "When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.", "When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data."],
Implementing role-based access control
[115, "Implementing role-based access control", "Implementing role-based access control"],
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
[116, "Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.", "Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles."],
Regularly reviewing privileges
[117, "Regularly reviewing privileges", "Regularly reviewing privileges"],
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
[118, "It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.", "It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment."],
When granting users access, it's best to give slightly more access than what is needed.
[119, "When granting users access, it's best to give slightly more access than what is needed.", "When granting users access, it's best to give slightly more access than what is needed."],
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
[120, "When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.", "When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data."],
Access permissions shouldn't be based on predefined roles and responsibilities.
[121, "Access permissions shouldn't be based on predefined roles and responsibilities.", "Access permissions shouldn't be based on predefined roles and responsibilities."],
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
[122, "Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.", "Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles."],
It's important to conduct periodic audits to evaluate and update user permissions.
[123, "It's important to conduct periodic audits to evaluate and update user permissions.", "It's important to conduct periodic audits to evaluate and update user permissions."],
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
[124, "It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.", "It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment."],
Wrapping Up
[125, "Wrapping Up", "Wrapping Up"],
Privileged users hold a position of trust, and with this trust comes responsibilities. As administrators, we must ensure we follow security best practices and organizational policies and administer them ethically.
[126, "Privileged users hold a position of trust, and with this trust comes responsibilities. As administrators, we must ensure we follow security best practices and organizational policies and administer them ethically.", "Privileged users hold a position of trust, and with this trust comes responsibilities. As administrators, we must ensure we follow security best practices and organizational policies and administer them ethically."],
[127, "", ""],
Original Text (English)
Correct Translation (English)
Submissions are reviewed and applied within 48 hours.
Color Theme And Background Selector
×
Colorful Theme
Select Theme
Blue Theme
Select Theme
Light Theme
Select Theme
Purple Theme
Select Theme
Green Theme
Select Theme
Dark Theme
Select Theme
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
