"KnowBe4 summarizes the effort to do exactly that under the banner of Human Risk Management (HRM), with the main goal of generating workforce trust. What exactly does that mean? We discussed this shift from security awareness to HRM earlier this year. Awareness of cyber risks is not something that one instantly knows how to measure. Human risk, at least with respect to how KnowBe4 envisions it, should now appear on the radar with a defined score."
"Employees are now more attractive targets than vulnerabilities in software are. The problem, however, is that you cannot patch people. You cannot make them more secure by purely mechanical means. Block any inbound emails and you're essentially locking yourself out of business opportunities. Be too liberal in your access and you end up having to rely on human assessments in treating potential cyber risks."
"According to KnowBe4, one cannot even cross of a checklist listing all parameters that constitute overall risk. In other words, the company's Risk Score (now in v2) is based on a formula that even your KnowBe4 contact won't be able to fully divulge the inner workings of. The rating you end up getting is highly dependent on the role of the employee in question"
Traditional security awareness training programs suffer from a proof problem because organizations cannot easily measure when employees reliably recognize phishing or cease to be easy targets. Human Risk Management (HRM) proposes assigning defined, role-sensitive risk scores to employees to enable measurable results and workable workforce policies that build workforce trust. HRM emphasizes positive education on cyber risks rather than merely lowering failure rates, with the goal of granting employees greater autonomy as they demonstrably become safer digital denizens. Humans cannot be patched or secured by purely mechanical controls, so organizations must balance access and protections and rely on human assessment in risk treatment. KnowBe4’s Risk Score v2 uses a proprietary formula tied to employee role.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]