Behavioral Risk Assessment®

"Risk Measured is Risk Managed™". Accurately assess your organization's security awareness level and build an actionable plan to measure and manage your risk.


The SANS Behavioral Risk Assessment® reduces program cost, eliminates unneeded training, and creates risk metrics to baseline and benchmark an organization’s human cyber risk.

By quantifying where high-risk data handling practices exist by organization, we help you target both compliance and risk-based training where it will have the most impact to your organization. This allows the right training to get to the right people, while eliminating unwanted and unneeded training—therefore, substantially reducing training loads.


What is a Behavioral Risk Assessment™?

The SANS Behavioral Risk Assessment® allows enterprises to identify information handling risk in their organization. Tailored to the organization’s specific data types and information lifecycle tools, the Assessment framework illuminates who is handling sensitive data, what data departments are accessing, and where the data is located.

With the Behavioral Risk Assessment®, an organization can...

  • Discover where information lives, measure the risk level of the data and risk occurrences that have taken place.
  • Understand who accesses what data and what tools they are using to access the information.
  • Understand compliance training needs by organizational unit, tailored to the needs and risk tolerences of the organization.
  • Track information risk across systems and workers throughout an organization—summarized by person, organizational unit, and/or enterprise.
  • Utilize simplified data collection methodologies without the need for complex and expensive data classification and endpoint tracking software.
  • Assess ROI of Security Awareness training investment and overall organizational behavioral risk profile.

How Does It Work?

Upon launching the Assessment into an organization, users take the Assessment and in less than 5 minutes, define the types of data they access and then select the places they receive and/or store each data type.

The resulting response analysis is presented via a dashboard, including high-risk handling practices and training recommendations. In order to track organizational improvement and assess the ROI of your training investment, the Behavioral Risk Assessment® can quickly and easily be re-deployed to your user community at any time.