This webinar will showcase the methodology and results of a multi-year human security risk assessment and security awareness initiative at Michigan Technological University. This discussion will include the risk assessment system, metrics, and scoring used to identify specific training needs by individual, department, and division, to uncover high-risk behavior, and to direct training and auditing where they are needed most. Multi-year data trends, combined with organizational structure data and training metrics are used to measure the actual impact of awareness training. As this process continues, it is used to focus Michigan Tech's security resources based on institutional risk and to help calculate the business value of security awareness programs.