Living Security and CybSafe announced a new Human Risk Management Maturity Model, to serve as “a standard across the cybersecurity industry including: practitioners, analysts, vendors, and thought leaders to measure the impact of human behavior on an organization’s risk.”
While several frameworks and maturity models exist to measure cybersecurity risk, including the National Institutes of Standard and Technology (NIST), the Cyber Defense Matrix and the FAIR methodology for IT frameworks, none are “specifically designated to quantify the specific risk that human behavior creates inside organizations.”
The proposed Human Risk Management Maturity Model will “give practitioners guidance on how to evolve into the next phase of cybersecurity to measure and change human behaviors.”
In doing so, organizations are “able to both reduce cyber risk and empower employees, creating true cultural change inside organizations and across industries.”
Ashley Rose, CEO and co-founder of Living Security, said:
“The human factor is the last frontier of cybersecurity. We’ve focused for decades on technologies and systems, but have consistently siloed our approach to the single most important element of any enterprise security plan, the people themselves. We at Living Security believe it is time for a paradigm shift. Launching this model is our way to start a ripple that grows. This is a collective journey to continue the disruption and leverage behavioral data to effectively manage and mitigate human cybersecurity risk and create a safer world.”
Oz Alashe, CEO and Founder of CybSafe, remarked:
“There is no doubt that now, more than ever, society needs the security community to take an even more intelligent approach to managing human risk. And so as security professionals we need to come together to continue to fuel curiosity and understanding that helps us be more effective at managing the risk within our organizations. This can’t be done by any one team, vendor, or group unilaterally. It’s a collective effort and at CybSafe we’re excited to play our part.”
Eighty-two percent of breaches currently “involve the human element, yet a majority of cybersecurity funding is still focused on technological interventions.”
The team invites everyone; analysts, vendors, practitioners, and thought leaders “to collectively participate in creating a model that truly helps companies of all sizes embark on the journey of human risk management.”