Information Security Awareness Training

Cybersecurity Resources Page

Cybersecurity Resources
curated by Professor Daniel J. Solove


Professor Solove’s Scholarship

Daniel J. Solove and Danielle K. Citron, Risk and Anxiety: A Theory of Data Breach Harms

Daniel J. Solove, Identity Theft, Privacy, and the Architecture of Vulnerability

Professor Solove’s Blogs and Interviews

Daniel J. Solove, The Future of Cybersecurity Insurance and Litigation: An Interview with Kimberly Horn – In this blog post, Professor Solove interviews Kimberly Horn, who is the Global Focus Group Leader for Cyber Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to data breaches and network intrusions. She also has extensive experience managing class action litigation, regulatory investigations, and PCI negotiations arising out of privacy breaches

Daniel J. Solove, Did the LabMD Case Weaken the FTC’s Approach to Data Security? – In this blog post, co-authored with Professor Woodrow Hartzog, Daniel Solove analyzes the U.S. Court of Appeals for the 11th Circuit’s long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018).

Daniel J. Solove, Cybersecurity vs. Humans: The Human Problem Requires a Human Answer – In this blog post, Professor Solove discusses how information security is only in small part a technology problem and that it is largely a human problem.

Daniel J. Solove, Law Firm Cybersecurity: An Industry at Serious Risk – In this post, Daniel Solove shares the two major reasons that law firms make excellent targets for fraudsters.

Daniel J. Solove, Attorney Confidentiality, Cybersecurity, and the Cloud – In this blog post, Professor Solove examines the significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations.

Daniel J. Solove, Does Cybersecurity Law Work Well? An Interview with Ed McNicholas – Daniel Solove interviews Ed, a partner at Sidley Austin LLP, and one of the foremost experts on cybersecurity law.

Security ResourcesSecurity Awareness Training

Security Training Awareness FAQIn this document, Professor Solove answers the following questions (and more) – What does the law require for security awareness training? What are organizations currently doing? What should they be doing?

Privacy Training and Data Security Training Requirements – Many laws, regulations, and industry codes require privacy awareness training and/or data security awareness training. These include 1) International Laws – including GDPR and Personal Information Protection and Electronic Document Act (PIPEDA); 2) US Federal Laws, Regulations, and Treaties – including HIPAA Privacy and Security Rules, Gramm-Leach-Bliley Act (GLBA), FACTA – FTC Red Flags Rule, Federal Information Security Management Act (FISMA), Federal Acquisitions Regulation, and EU-US Privacy Shield Framework; 3) US State Laws and Regulations – including New York Cybersecurity Regulation, Texas Health Privacy Law, and Massachusetts Data Security Law; 4) Standards and Industry Codes – Payment Card Industry Data Security Standard (PCI-DSS), ISO/IEC 27002, and NIST Special Publication 800-53 (Revision 4). This Guide, written by Professor Daniel Solove, will walk you through a brief description of each requirement with excerpts of the relevant provisions.

Effective Security Training – Professor Solove offers 7 tips for making security training for employees more effective and memorable.

What Should Privacy Awareness Training Include – Privacy awareness training educates an organization’s workforce about the way that the organization protects privacy and the workforce’s role in this endeavor. In this post, Professor Solove explains the key components that privacy awareness training should include.

Data Security Training Program – The Data Security Training Program is designed to provide basic data security awareness training to the workforce of global organizations. The course synthesizes data security best practices and explains them simply. This course covers the essential topics for protecting the security of confidential data and addresses the latest security threats. The program focuses on key concepts of data security common to all organizations as well as provides guidance on how to avoid costly data security breaches.

5 Key Points for Data Security – This is a 7-minute highly-engaging data security training program that can help reinforce the most important points for information security for employees at your organization.

Avoiding Phishers, Hackers and Social Engineers – This information security training course (~15 minutes) teaches phishing protection and how to avoid being victimized by hacker tricks and social engineering. The course covers the various techniques of social engineering (such as phishing, baiting, and pretexting), common phishing techniques, the types of threats contained in email, and the dangers from visiting websites or downloading software. The course teaches how to recognize the tricks that fraudsters use and how to avoid being victimized.

Social Engineering: Spies and Sabotage – This information security training program, Social Engineering: Spies and Sabotage, is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and scams.

Phishing – This 5.5-minute phishing training course provides a short introduction to the threat of phishing. “Phishing” is a term for when fraudsters try to trick people into revealing confidential data, clicking on malicious attachments, or visiting malicious websites. The course discusses phishing through email, phone, and websites. It covers common phishing techniques, as well as spear phishing.

MalwareThis short data security training course provides an overview of what malware is and why it is dangerous. It details the five major types of malware and how users can identify them. It also discusses how most malware requires human action to infect a computer, how people can avoid malware and what to do (and not to do) if this ever happens.

Humans are the Biggest Data Security Risk – This security awareness training course (~5 minutes) explains to trainees that humans are the biggest data security risk. The course discusses how human error can lead to data breaches and how people can avoid common pitfalls and mistakes.


Ed McNicholas, Cybersecurity: A Practical Guide to the Law of Cyber Risk

Kevin Mitnick, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

Bruce Schneier, Secrets and Lies: Digital Security in a Networked World

Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive

Bruce Schneier, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World

Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World

Adam Shostack, Threat Modeling: Designing for Security

Scholarly Articles

Derek E. Bambauer, Ghost in the Network

Andrea M. Matwyshyn, Data Devolution: Corporate Information Security, Consumers, and Future of Regulation

William McGeveran, Duty of Data Security

Sasha Romanosky, David Hoffman & Alessandro Acquisti, Empirical Analysis of Data Breach Litigation

Paul M. Schwartz & Edward J. Janger, Notification of Data Security Breaches

David Thaw, Cybersecurity Stovepiping

David Thaw, Data Breach (Regulatory) Effects

David Thaw, Redefining Cybersecurity Policy

Security Laws and Regulations

HIPAA Security Rule Checklist – The HIPAA Security Rule covers electronic protected health information (ePHI), which is any individually identifiable health information in electronic format. It has 18 safeguards standards, each of which is mandatory, along with 36 implementation specifications. Professor Daniel Solove created this 6-page checklist of the HIPAA Security Rule’s standards and specifications to help summarize them in a user-friendly manner. This checklist covers the HIPAA Administrative Safeguards, HIPAA Physical Safeguards, and HIPAA Technical Safeguards.

Security Frameworks

ISO 27001

NIST 800-53

Security Humor

Cartoon: Devils of Data Security – A cartoon about data security — a twist on the angel on one shoulder and devil on the other.

Cartoon: Dark Web – A cartoon by Professor Solove about passwords on the Dark Web.

The Funniest Hacker Stock Photos – Professor Daniel Solove shares some of the stock photos he discovered some that are so absurdly funny that they are true classics and that he felt deserved to be celebrated in a hall of fame.

The Funniest Hacker Stock Photos 2.0 – Daniel Solove shares another round of the funniest hacker stock photos that he found when looking for training photos.

The Funniest Hacker Stock Photos 3.0 – Daniel Solove shares a third round of the funniest hacker stock photos that he found when looking for training photos.

The Funniest Hacker Stock Photos 4.0 – Daniel Solove shares a fourth round of the funniest hacker stock photos that he found when looking for training photos.

Security Media and Fiction

5 Great TV Series About Privacy and Security – In this post, Daniel Solove examines television shows that focus on privacy and security issues.

6 Great Films About Privacy and Security – Professor Solove shares 6 of his favorite films about privacy and security topics.

5 Great Novels About Privacy and Security – In this blog post, Professor Daniel Solove shares that he is a lover of literature (he taught a class in law and literature), and he also loves privacy and security, so he thought he’d list some of his favorite novels about privacy and security.


 Divider 02

About Professor Solove and TeachPrivacy

Daniel Solove Data Security Training Professor Daniel J. Solove is a law professor at George Washington University Law School and the leading expert on privacy and data security law. He has taught privacy law every year since 2000, has published 10 books and more than 50 articles, including the leading textbook on information privacy law and a short guidebook on the subject. His LinkedIn blog has more than 1 million followers. Click here for more information about Professor Solove.

TeachPrivacy provides HIPAA training, privacy awareness training, information security awareness training, phishing training, FERPA training, PCI training, as well as training on many other privacy and security topics.  TeachPrivacy was founded by Professor Solove, who is deeply involved in the creation of all training programs because he believes that training works best when made by subject-matter experts and by people with extensive teaching experience.

Divider 02

Please Contact Us If You Are Interested In
Privacy or Security Training

We can provide you with a login so you can evaluate the programs. Click here for our catalog.

    First Name

    Last Name




    Phone No.


    Please tell us about your training needs

    Professor Solove’s newsletter covers his latest writings, events, and training. It is sent weekly.
    You can unsubscribe at any time. Click to see a sample issue.
    Would you be interested in subscribing?
    YesNoAlready Subscribed