What You Will Learn
Cybersecurity is no longer just about technology it is ultimately about organizational change. Change in not only how people think about security but what they prioritize and how they act, from the Board of Directors on down. Organizational change is a field of management study that enables organizations to analyze, plan, and then improve their operations and structures by focusing on people and culture.
SANS course MGT521 will teach leaders how to leverage the principles of organizational change, enabling them to develop, maintain and measure a security driven culture. Through hands-on, real-world instruction and a series of interactive labs and exercises in which you will apply the concepts of organizational change to a variety of different security initiatives, you will quickly learn how to embed cybersecurity into your organizational culture.
After completing this course you will be able to:
- Explain what culture is, how it applies to cybersecurity, and how to understand and measure your security culture.
- Explain what organizational change is, identify different models for creating change and learn how to apply those models.
- Align this change to your organization's strategy, including how to leverage different security frameworks and maturity models.
- More effectively communicate to your Board Directors and executives, collaborate with your peers, and engage your workforce.
- Enable and secure your workforce by integrating security into all aspects of your organizational culture.
- Dramatically improve both the time and impact of large-scale security initiatives.
- Leverage numerous templates and resources from the course Digital Download Package and Community Forum that you can then build on.
- Better engage and communicate with your leadership, board of directors and key roles and departments of your workforce.
- Effectively market and sell the need for cybersecurity and help promote your security initiatives
- Understand, build and measure a strong security culture.
WHAT YOU WILL RECEIVE:
- Digital Download Package: A collection of templates, checklists, matrices, reports and other resources that will help you in your cybersecurity career. This package is continually updated.
- Community Forum: Opportunity to join the private, by-invitation-only community forum dedicated to the human element, which currently has 1,000 active members.
For those of you who are looking to get involved in this field, or are already involved but looking to grow, consider reading this blog on how to develop your career path.
Syllabus (12 CPEs)Download PDF
Day 1 begins by demonstrating how security is ultimately about organizational change, technology alone will no longer solve the problem. We explain what culture is and how it applies to cybersecurity, how to change culture by leveraging different change management frameworks, and how to motivate the desire for change.
- Exercise 01 - Understanding Your Security Culture
- Exercise 02 - Marketing Password Managers
- Exercise 03 - Developing Personas of Developers
- Exercise 04 - Marketing DevSecOps
- Human Side of Security
- Case Study - Equifax Congressional Report
- Defining Culture
- Defining and Leveraging Change Management Frameworks
- Kotter 8 Steps
- Motivating Change
- Leveraging WHY
- AIDA Marketing Model
Day 2 focuses on enabling change. Communicating with people and engaging and motivating them is half the battle. We also have to enable people to change. This begins by making security as easy as possible. Far too often the policies, processes and procedures we create are complex, intimidating or difficult to follow. We have to prioritize and simplify, then engage and effectively train the workforce on its own terms to enable this change. In this course section, we will structure a plan that facilitates organizational change, leading to a more secure culture. We'll also track, measure, and communicate the impact of that change.
- Exercise 05 - Learning Objectives
- Exercise 06 - Incident Response
- Exercise 07 - Vulnerability Management Charter
- Enabling Change
- Building Knowledge
- ADDIE/ARCS Models
- Simplifying Security
- Implementing Change
- Project Charter
- Measuring Change
- Capturing Metrics
- Communicating Metrics
"For far too long cybersecurity has been perceived as purely a technical challenge. Organizations and leaders are now realizing that we also have to address the human side of security. From securing your workforce's behavior, to engaging and training developers, IT staff and other departments, security today depends on your ability to engage and partner with others. In other words, your security culture is becoming just as important as your technology. MGT521 will provide the frameworks, roadmaps and skills you need to successfully secure your organization, from deploying specific security initiatives to embedding a comprehensive, organization-wide security culture. In addition, the course will provide you the resources to measure and communicate the impact to your leadership, ensuring long-term support."