Privileged Access Training for Privileged Users

• Author
• Recent Posts

Karen Scarfone

Karen Scarfone is the Principal Consultant for Scarfone Cybersecurity. She develops cybersecurity-related publications for federal agencies, media companies, and other organizations. She was formerly a Senior Computer Scientist at the National Institute of Standards and Technology (NIST). Karen has co-authored over 100 NIST Special Publications and Interagency Reports on a wide variety of cybersecurity topics. In addition, she has co-authored or contributed to 16 books and published over 200 articles on cybersecurity topics. Karen holds master’s degrees in computer science and technical writing, and she has worked in IT for more than 30 years, with over 20 years of that dedicated to cybersecurity. In recognition of her work for federal agencies, Karen has received a Federal 100 award and Department of Commerce Gold Medal and Bronze Medal Awards.

Latest posts by Karen Scarfone (see all)

• Incident Response Planning - November 2, 2022
• Privileged Access Training - June 22, 2022
• Incident Response Training - June 21, 2022

Someone who has privileged access can function as an administrator, with the ability to access and modify systems, networks, applications, services, and/or other computing resources. Privileged accounts—the user accounts with privileged access—often referred to as the “keys to the kingdom” because they are so powerful. In the wrong hands, a privileged account enables someone to potentially do a great deal of harm with minimal effort.

Not surprisingly, attackers love to target privileged accounts. Recent studies by Centrify found that nearly three-fourths of data breaches and an astonishing 90% of attacks against cloud-based resources involved misuse of privileged accounts. Privileged accounts typically give the attacker either immediate access to sensitive data or high-value systems, or an easy and fast way to move laterally through an enterprise to reach their ultimate target, like a customer database. It is more important than ever for all users with privileged access to understand how to safeguard their privileged access and how to spot and avoid attacks.

Privileged access training is a powerful tool for reducing data breaches and other attacks. The resulting knowledge and mitigation techniques explained will make it much harder for attackers to compromise privileged accounts. The tougher and more time-consuming things are for attackers, the more likely you are to catch them before the attack succeeds, and the more likely they are to leave your enterprise and look for low-hanging fruit elsewhere.

It is incredibly important for your users with privileged access to understand how to use their accounts in a secure manner. I have been sharing my expertise in privileged access management with Deborah Nichols and her team at ELC Information Security to create a new Privileged Access training course. This course explains to your privileged users all the things they should do—and should not do—to reduce the risk that their privileged access accounts will become compromised.

Course Topics – Privileged Access Training for Privileged Users:

• How users should safeguard their privileged account credentials and computers.
• What types of tasks users should and should not perform with privileged accounts.
• When and where privileged account access use is permitted.
• How to protect sensitive information encountered while a using privileged access account.

Finally, the course also discusses user abuse of privileges, with several examples that users should not do with their privileges. The fundamental lesson is that just because privileges allow you to do something does not mean that it is OK for you to do it. Having privileged access itself is a privilege, and this course helps ensure your users know their responsibilities.

For more information on the Privileged Access course, click on the Role-Based Training link below. ELC can customize the course to reflect your company’s policies, procedures, and lingo so it is tailor-made for your privileged users.