Build & Mature Your Security Awareness Program
One of the greatest challenges facing organizations in building a security awareness program is where to start. How do you plan, develop, deploy, and maintain an effective awareness program? Here you will find various resources to help you plan and maintain an awareness program that is not only compliant, but engages your employees and focuses on reducing risk by changing their behaviors.
Gaining Internal Support
A common challenge many organizations face is getting management approval and/or funding for their security awareness program. Use our resources to justify the support for your program.
Planning Your Program
Once you've gained the necessary internal support, the next step is deciding how to develop, deploy, and maintain an effective awareness campaign. Check out materials to help you grow your program.
Measuring Program Success
Metrics give you the ability to track and measure the impact of your security awareness program. Use the resources below to improve your training, prove ROI, or compare your human risk to other organizations in your industry.
Gaining Stakeholder Support
This presentation template can be used to explain the value of your proposed security awareness program to senior management, giving you the support, budget and resources you need to make your awareness program happen.
Your organization may be required to protect certain types of data (cardholder, PHI, PII, PNI, etc.). Here are several sites where you can search records of publicly known data breaches.
Privacy Rights Clearinghouse
Explore Privacy Rights Clearinghouse's Chronology of Data Breaches.
2018 Verizon Data Breach Investigations Report
The 2018 DBIR report reveals what’s really happening in cyber security, featuring analysis of 53,000+ incidents.
World's Biggest Data Breaches
Search and filter through a visualized interactive map of the latest data breaches from around the world.
Security Awareness Compliance Requirements
There are a variety of regulations and standards that require security awareness training. Download our Security Awareness Compliance Requirements document that lists the most common legislation or standards that require security awareness training. In addition you will find the specific sections that state the requirement and links for more information.
Making Security Awareness Stick
One of the most common long-term challenges faced by any awareness program is getting it to stick. In this talk we explain what organizations around the world are doing to emotionally engage and communicate with their employees. Key points you will learn include behavior modeling, defining culture, developing an engagement strategy, communication methods and ambassador programs.
Build your program quickly. Meet with peers and learn from the experts how to build a high-impact awareness program. Sign up for the two-day class today.
Identify and Prioritize Risk
A key step in managing your human risk is identifying those risks, prioritizing them, and then focusing on the top ones. After working with hundreds of organizations, Lance Spitzner discusses the 7 most common human risks he finds in organizations and what you can do to effectively manage and measure those specific risks. Key points you will learn include concepts of cognitive overload, identifying top human risks and the behaviors that mitigate those risks. Download these key resources to mitigate your organization's risk.
Top Human Risks
Use this presentation to map out what risks are critical to your organization.
Mitigating Top Risks Webcast
Watch how you can apply mitigation techniques for your organization.
Moving Beyond with Program Metrics
Once your security awareness program is established, it's time to measure its effectiveness. Get started with the SANS Metrics Matrix, which identifies measurement options for your program. This resource includes metrics for both measuring impact (change in behavior) and tracking compliance.
Human Metrics: Measuring Behavior
Security awareness is nothing more than another control designed to reduce risk, specifically human risk. This presentation will cover the different ways organizations are effectively measuring human risk, which methods are proving to be the most successful, and steps you can take to have successful metrics for your awareness program.
Measuring Phishing Effectiveness
One of the most effective ways to address phishing attacks is to train and measure employees through phishing assessments. These resources cover step-by-step instructions on how to build, maintain and measure an effective long-term phishing assessment program for your organization.