Kaspersky ASAP Project K-ASAP Express Project KAOT Project Small Projects Services Talks & Publications

Kaspersky ASAP Project

From 2018 to present
Content Team Leader, Chief Project Editor, Course Author

General Overview

The information security awareness programme Kaspersky Automated Security Awareness Platform (K-ASAP) is a training course currently consisting of 13 topics of 45,000–50,000 words each.

  • Passwords and accounts
  • Email
  • Websites and the Internet
  • Social networks and messengers
  • PC security
  • Mobile device security
  • Sensitive data
  • Personal data
  • Physical data security
  • GDPR
  • Industrial cybersecurity
  • Artificial intelligence and neural networks
  • Bank card security and PCI DSS

The platform materials are based on a competency model comprising more than 850 practical skills acquired by learners during training.

The platform is multilingual and is currently available in 33 languages: English, Arabic, Armenian, Bosnian, Hungarian, Vietnamese, Greek, Danish, Indonesian, Spanish, Spanish (Mexico), Italian, Kazakh, Catalan, Chinese (Traditional and Simplified), German, Dutch, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Thai, Turkish, French, Croatian, Czech, Swedish, and Japanese. The range of supported languages is continuously expanding. During localisation, cultural specifics of each region are taken into account (that is, not a literal translation but a full adaptation of content, including both text and visuals).

Each topic consists of 18–20 lessons, divided into four levels of difficulty. Each lesson focuses on a specific subtopic and is presented as a set of interactive slides (informational, assessment, and others).

In addition to lessons, the platform includes final tests that users must pass after completing each level, as well as a series of informational emails. The total volume of material presented on the Kaspersky ASAP platform exceeds 720,000 words (for comparison, Leo Tolstoy’s novel “War and Peace” contains approximately 188,000 words).

My Role in the Development of Kaspersky ASAP

Overall content development management

Since September 2018, I have led the team responsible for developing all Kaspersky ASAP content: lessons, interface texts, phishing emails, and more.

Competency model development

I developed the current version of the competency model, distributing the required practical skills across topics, levels, and lessons within the platform.

Content authoring

I personally authored the following topics for the platform:

  • Passwords and accounts: 20 lessons, 4 final tests, 4 reminder emails, and a phishing simulation
  • Email: 14 lessons, 3 final tests, 3 reminder emails, and 3 phishing simulations
  • Websites and the Internet: 20 lessons, 4 final tests, and 4 reminder emails
  • Social networks and messengers: 21 lessons, 4 final tests, 4 reminder emails, and 2 phishing simulations
  • PC security: 20 lessons, 4 final tests, 4 reminder emails, and 2 phishing simulations
  • Mobile device security: 22 lessons, 4 final tests, 4 reminder emails, and a phishing simulation
  • Sensitive data: 18 lessons, 4 final tests, and 4 reminder emails
  • Artificial intelligence and neural networks: 14 lessons, 2 final tests, and 2 reminder emails

Under my supervision, the topics “GDPR,” “Personal data,” “Physical data security,” “Bank card security and PCI DSS,” and “Industrial cybersecurity” were also developed. I carried out scientific and editorial review of all platform topics.

Phishing email development

I developed 8 out of 9 phishing attack simulations used to assess learners’ practical skills within the platform, as well as more than 150 phishing simulations for the phishing simulator.

Negotiations with local offices and agencies

As part of my work, I participated in negotiations on the localisation of K-ASAP into various languages and regularly conducted presentations and workshops on the use of the platform.

Educational Materials

Each lesson in the Kaspersky ASAP platform consists of 10–20 slides of various types: introductory, instructional, question-based, summary slides, and others.

Example of an introductory lesson slide:

Examples of instructional slides:

Example of a question slide:

Example of a summary slide:

To confirm their competency, learners must complete a test consisting of 10–15 questions at the end of each level. Example of a test start page:

Examples of question slides:

After completing each level, learners receive a reminder email summarising the material covered during training. Example:

At the end of certain levels, learners’ knowledge is additionally assessed through phishing attack simulations. Example of a phishing email from the first level of the “Passwords and Accounts” topic:

In addition, the system includes a number of interface emails for training managers and learners: welcome emails, course completion notifications, training statistics reports, certificates of completion, and others.

Phishing Simulator

In 2020, a phishing simulator was implemented within the Kaspersky ASAP platform—a system that allows organisations to assess employees’ level of information security awareness at any time. The simulator consists of a set of phishing emails of various types designed to test specific practical skills.

These emails assess a wide range of skills:

  • identifying phishing emails based on grammatical, semantic, and stylistic features;
  • recognising phishing emails through context and manipulative wording;
  • not sending passwords via email;
  • never filling in forms embedded in emails;
  • verifying links before clicking them;
  • identifying fake URLs through typos in domain names, incorrect top-level domains, and similar indicators;
  • never following links consisting solely of numbers;
  • recognising malicious attachments,

and so on.

My Role in Simulator Development

I conceived, wrote, and designed more than 150 emails for the simulator, and also edited all emails created by other authors during the project.

I also developed a number of phishing emails tailored to specific client requirements.

Examples of Emails

Fake email from Microsoft (the expiration of the OneDrive disk).

Fake email about Flash Player update.

Fake corporate email with a new evacuation plan.

Example of an email developed for a specific client — the Ministry of Defence and Aviation of Saudi Arabia (regarding a potential conflict with a neighbouring country and the need to report to mobilisation centres):