People are the primary attack vector. Manage your human risk.
Learn the key lessons and the roadmap to build a mature awareness program that your workforce will love and that has an impact you can measure. Apply models such as the BJ Fogg Behavior Model, AIDA Marketing funnel, and Golden Circle, and learn about the Elephant vs. the Rider.
The course content is based on lessons learned from hundreds of security awareness programs from around the world. You will learn not only from your instructor, but from extensive interaction with your peers. Finally, through a series of labs and exercises, you will develop your own custom plan to implement as soon as you return to your organization.
"This is an absolutely fantastic course. Lance is a great presenter and held my interest through the entire course. The material is so valuable, I can't wait to go back and map out my plans on how I'm going to use it." - Lesley Swann, Baker Donelson
- Align your security awareness program with your organization's strategic security priorities
- Effectively identify, prioritize and manage your organization's top human risks.
- More closely integrate your security awareness efforts with your security team's overall risk management efforts.
- Make the most of your investment by sustaining your security awareness program long term, going beyond changing behavior to changing culture
- Understand the Security Awareness Maturity Model and how to leverage it as the roadmap for your awareness program
- Implement key models for learning theory, behavioral change, and cultural analysis
- Explain the difference between awareness, education, and training
- Identify the maturity level of your existing awareness program and the steps to take it to the next level
- Ensure compliance with key standards and regulations
- Define human risk and explain the three different variables that constitute it
- Explain risk assessment processes
- Leverage the latest in Cyber Threat Intelligence and describe the most common tactics, techniques, and procedures used in today's human-based attacks
- Identify, measure, and prioritize your human risks and define the behaviors that manage those risks
- Measure the impact of your awareness program, track reduction in human risk, and communicate the program's value to leadership
A big part of the course is not only learning but applying what you learn, working in groups with your peers. This not only gives you a far better understanding and application of the course content, but also enables you to interact with and learn from others. This two-day course has five labs. Each lab takes approximately 20-30 minutes to complete as a team, with another 20-30 minutes of group discussion, for a total time of three to four hours.
- Lab 1: Read, analyze and identify the top human risks based on the Verizon Data Breach Investigations Report
- Lab 2: Review, identify and prioritize the top human risks in your organization.
- Lab 3: Identify and document the top behaviors (learning objectives) that manage those risks.
- Lab 4: Leverage the AIDA marketing model to engage and communicate to your workforce about a new tool roll-out.
- Lab 5: Create a strategic engagement plan on how you will effectively communicate to and engage your workforce to manage a specific human risk.
What MGT433 Students Are Saying About the Labs
"Just what I needed." - Philippe Vaquer, Bureau Veritas
"Incredibly useful and supportive to the learning." - William Edwards, HM Land Registry
"The labs presented an effective way to grasp the material and present to others for good feedback." - Michael U., US Government
"I enjoyed learning from other attendees during the breakout session. It's really good to hear about how other organizations implement their programs. Sharing best practices has been really insightful." - Angela Childs
- Section 1: Learn the fundamentals of security awareness programs followed by identifying and prioritizing the key human risks you will be managing.
- Section 2: Learn how to engage, train and motivate your workforce to change and exhibit secure behaviors and measure the impact of that change.
NOTE: This class is designed as a beginner to intermediate level course. Highly experienced security awareness professionals or senior security leaders should consider the more advanced five-day MGT521: Leading Cybersecurity Change: Building a Security-Based Culture.
WHAT YOU WILL RECEIVE:
This course provides you with the opportunity to join the SANS Security Awareness Community Forum, a private, invitation-only community of over 1,500 awareness officers who share resources and lessons learned. In addition, you will receive the following with the course:
- Printed + Electronic course books that include slides with detailed notes for each slide
- Printed + Electronic lab book
- Digital Download Package containing digital copies of all the labs, supplemental materials, reports, templates and examples
- MP3 audio files of the complete course lecture
- One 90-day license to the entire SSA library of content.
WHAT COMES NEXT:
SANS Security Awareness Professional (SSAP) - Organizations seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only this expertise, but also signifies, documents and certifies that the holder has met the requirements to elevate the overall security behavior of the workforce.
MGT521: Leading Cybersecurity Change: Building a Security-Based Culture: This course takes MGT433 to the next level by teaching you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture.
MGT512: Security Leadership Essentials for Managers: This course provides an overview of how to manage different security technologies, controls, and frameworks, and how they work together. It's an excellent way to better understand how awareness of human risk and knowing how to manage it partners with other elements of security.
MGT514: Security Strategic Planning, Policy, and Leadership: This is SANS' most advanced course for senior security leaders, CSOs, and CISOs. It's an excellent way to better understand how awareness of human risk and knowing how to manage it support your organization at a strategic level.