LDR433: Managing Human Risk™

People have become the primary attack vector. Manage your human risk.

Learn the key lessons and the roadmap to build a mature awareness program that will truly engage your workforce, change their behavior and ultimately manage your human risk. Apply models such as the BJ Fogg Behavior Model, AIDA Marketing funnel, the Golden Circle, ADDIE training model and learn about the Elephant vs. the Rider. Concepts include how to assess and prioritize your top human risks and the behaviors that manage those risks, how to engage, train and secure your workforce by changing their behaviors, how to build a strong security culture and how to measure the impact and value of all that change.

The course content is based on not only learning theory and behavior change models but lessons learned from hundreds of programs from around the world. You will learn not only from your instructor, but from extensive interaction with your peers. Finally, you will have the opportunity to earn the SANS Security Awareness Professional (SSAP), the industry standard in human risk management.

"Overall just fantastic. I would love for my whole team to attend this training - invaluable and eye-opening knowledge, that I think will enable lots of good changes and growth. There's just SO MUCH amazing content here, and the delivery was fantastic." - Luka Morkyte, JPMorgan Chase

What Is Human Risk Management?

Cyber threat actors have changed their attack methods, they no longer target technology but people. Human Risk Management is the structured approach in how organization's secure people, addressing for most organizations what is now their greatest vulnerability - their workforce.

Business Takeaways

• Align your security awareness program with your organization's strategic security priorities
• Effectively identify, prioritize and manage your organization's top human risks.
• More closely integrate your security awareness efforts with your security team's overall risk management efforts.
• Make the most of your investment by sustaining your program long term, going beyond changing behavior to embedding a strong security culture
• Communicate and demonstrate the value of the change to your senior leadership in business terms

Skills Learned

• Master how to map and benchmark your program's maturity against your peers'.
• Understand the Security Awareness Maturity Model and how to leverage it as the roadmap for your program
• Ensure compliance with key standards and regulations
• Implement models for learning theory, behavioral change, and organizational culture
• Define human risk and explain the three different variables that constitute it
• Explain the risk assessment processes
• Explain and leverage the latest in Artificial Intelligence to exponentially increase your impact
• Leverage the latest in Cyber Threat Intelligence (CTI) and describe the most common tactics, techniques, and procedures (TTPs) used by cyber attackers in today's human-based attacks
• Identify, measure, and prioritize your human risks and define the behaviors that manage those risks
• Explain the most effective ways to communicate to and engage people
• Identify high risk roles and the required, specialized training for those roles
• Define what security culture is and the common indicators of a strong security culture
• Explain your organization's overall culture and how to most effectively align cybersecurity with and embed security into your organization's culture
• Measure the impact of your program, track reduction in human risk, and how to communicate to senior leadership the value of the program in strategic terms.
• Define steps to grow your career, increase your credibility and expand your work options.

Hands-On Human Risk Management Training

A big part of the course is not only learning but applying what you learn working as groups with your peers. Not only does this provide you a far better understanding and application of course content but enables you to interact and learn from others. This three-section course has seven interactive labs. Each lab is approximately 30 minutes to complete as a team, with another 15-20 minutes of group discussion. In addition, most labs include elements of leveraging Artificial Intelligence to accelerate your program and impact.

• Section 1: Determine Your Program's Maturity Level, Partnering with Others, Tulip Manufacturing: A Risk Case Study
• Section 2: Identify and Prioritize the Key Behaviors that Manage Risks, Leverage the AIDA Model to Sell MFA
• Section 3: Defining Your Organization's Culture, Creating an Action Plan for When You Return

"Just what I needed." - Philippe Vaquer, Bureau Veritas

"Incredibly useful and supportive to the learning." - William Edwards, HM Land Registry

"The labs presented an effective way to grasp the material and present to others for good feedback." - Michael U., US Government

"I enjoyed learning from other attendees during the breakout session. It's really good to hear about how other organizations implement their programs. Sharing best practices has been really insightful." - Angela Childs

Syllabus Summary

• Section 1: Learn the fundamentals of managing human risk, to include gaining leadership support, partnerships and project charter, and how to assess and prioritize human risk.
• Section 2: Learn how to leverage the latest in Artificial Intelligence in accelerating your program, prioritize the specific behaviors that most effectively manage your human risk, then how to engage, train and enable your workforce to exhibit those key behaviors.
• Section 3: Learn how to build and embed a strong security culture, how to measure and communicate the value of your program and how to put a final plan together.

NOTE: This class is designed as a beginner to intermediate level course. Highly experienced security professionals or senior security leaders should consider the more advanced five-day LDR521: Security Culture for Leaders.

Additional Free Resources

• Security Awareness Roadmap: Managing Your Human Risk, poster
• Annual Security Awareness Report™: Managing Human Risk
• For those of you who are looking to get involved in this field, or are already involved but looking to grow, consider reading this blog on how to develop your career path.

What You Will Receive

This course provides you with the opportunity to join the SANS Security Awareness Community Forum, a private, invitation-only community of over 2,000 security professionals passionate about the human side of cybersecurity. In addition, you will receive the following with the course:

• Printed + Electronic course books that include slides with detailed notes for each slide
• Printed + Electronic lab book
• Digital Download Package containing digital copies of all the labs, supplemental materials, reports, templates and examples
• MP3 audio files of the complete course lecture
• One 90-day license to a library of awareness content from SANS Security Awareness. Read the FAQ here.

What Comes Next?

• LDR521: Security Culture for Leaders: This course takes LDR433 to the next level by teaching you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture.
• LDR512: Security Leadership Essentials for Managers: This course provides an overview of how to manage different security technologies, controls, and frameworks, and how they work together. It's an excellent way to better understand how awareness of human risk and knowing how to manage it partners with other elements of security.
• LDR514: Security Strategic Planning, Policy, and Leadership: This is SANS' most advanced course for senior security leaders, CSOs. and CISOs. It's an excellent way to better understand how awareness of human risk and knowing how to manage it support your organization at a strategic level.