• Classroom
  • Online, Self-Paced
Course Description

Organizations have invested a tremendous amount of money and resources into securing technology, but little, if anything, into securing their workforce. As a result, people, not technology, have become the most common target for cyber attackers. The most effective way to secure the human element is to establish a high-impact security awareness program that goes beyond compliance, changes behaviors, and ultimately creates a secure culture. This intense two-day course will teach you the key concepts and skills needed to do just that, and is designed for those establishing a new program or wanting to improve an existing one. Course content is based on lessons learned from hundreds of security awareness programs from around the world. In addition, you will learn not only from your instructor, but also from extensive interaction with your peers. Finally, through a series of labs and exercises, you will develop your own custom security awareness plan that you can implement as soon as you return to your organization.

You Will Learn:

  • The Security Awareness Maturity Model and how to leverage it as the roadmap for your awareness program
  • How to gain and maintain leadership support for your program
  • Key models for learning theory, behavioral change and cultural analysis
  • How to identify and prioritize the top human risks to your organization and the key behaviors that manage those risks
  • How to effectively engage and communicate to your workforce, to include addressing the challenges of different roles, generations and nationalities
  • How to sustain your security awareness program long term, including advanced programs such as gamification and ambassador programs
  • How to measure the impact of your awareness program, track reduction in human risk, and communicate the value to leadership

Learning Objectives

  • Identify the maturity level of your existing awareness program and the steps to take it to the next level
  • Explain the difference between awareness, education and training
  • Explain the three different variables of risk and how they apply to managing human risk and security awareness training
  • Explain why people are vulnerable and how cyber attackers are actively exploiting these vulnerabilities
  • Gain and maintain long-term leadership support for your program
  • Identify the different targets of your awareness program
  • Characterize the culture of your organization and determine the most effective communication methods for that culture
  • Identify, measure and prioritize your human risks
  • Design and implement key metrics to measure the impact of each stage of your awareness program, to include measuring compliance, behaviors and culture

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.