  • Online, Self-Paced
  • Classroom
Course Description

Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the most common target for cyber attackers. The most effective way to secure the human element is to establish a mature security awareness program that goes beyond just compliance, changes people's behaviors and ultimately creates a secure culture. This intense two-day course will teach you the key concepts and skills needed to do just that, and is designed for those establishing a new program or wanting to improve an existing one. Course content is based on lessons learned from hundreds of security awareness programs from around the world. In addition, you will learn not only from your instructor, but from extensive interaction with your peers. Finally, through a series of labs and exercises, you will develop your own custom security awareness plan that you can implement as soon as you return to your organization.

You Will Learn:

  • The Security Awareness Maturity Model and how to leverage it as the roadmap for your awareness program
  • How to gain and maintain leadership support for your program
  • Key models for learning theory, behavioral change and cultural analysis
  • How to identify different target groups and deploy role-based training
  • How to effectively engage and communicate with your workforce, including addressing the challenges of different roles, generations and nationalities
  • How to sustain your security awareness program long term, including advanced programs such as gamification and ambassador programs
  • How to measure the impact of your awareness program, track reduction in human risk, and communicate the program's value to leadership

Learning Objectives

  • Identify the maturity level of your existing awareness program and the steps to take it to the next level
  • Explain the difference between awareness, education, and training
  • Explain the three different variables of risk and how they apply to managing human risk and security awareness training
  • Explain why people are vulnerable and how cyber attackers are actively exploiting these vulnerabilities
  • Gain and maintain long-term leadership support for your program
  • Identify the different targets of your awareness program and build a role-based training program
  • Characterize the culture of your organization and determine the most effective communication methods and training modalities for that culture
  • Identify, measure, and prioritize your human risks
  • Design and implement key metrics to measure the impact of each stage of your awareness program, to include measuring compliance, behaviors, and culture

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Training, Education, and Awareness

