With technology front and center in virtually all business processes, it may seem counterintuitive to suggest that today’s greatest cybersecurity risks don’t stem from technology, but from people. It’s widely recognized that people pose the greatest risk to data and security. This truth stems from the fact that human risks are much more challenging to manage than those risks related to technology, which can largely be controlled through technology.
The reason: Humans are unpredictable, biased, variable, impatient, impulsive, naïve and… well, let’s just say that the list could go on for quite a while longer.
The fallibility of humans when it comes to technological security is now widely recognized. In fact, “human risk management” has emerged as a new concept focused on understanding and alleviating the risks that humans represent.
HRM vs. Security Awareness Training
Human risk management (HRM) is an overarching concept that encompasses security awareness training but is different from user training. Security awareness training empowers human risk management.
We can think of HRM as the identification, assessment and overall management of human-related…
