sans.org/LDR521

LDR521: Security Culture for Leaders

5 Day Course
30 CPEs
Laptop Required

You Will Be Able To
• Explain what organizational culture is, its importance to security, and how to map and measure both your organization’s overall culture and security culture
• Align your security culture to your organization’s strategy, including how to leverage different security frameworks and maturity models
• Effectively communicate the business value of security to your Board of Directors and executives and more effectively engage and motivate your workforce
• Enable and secure your workforce by integrating security into all aspects of your organization’s culture
• Dramatically improve both the effectiveness and impact of your security initiatives, such as DevSecOps, cloud migration, vulnerability management, Security Operations Center, incident detection and response, and other related security projects
• Create and effectively communicate business cases to leadership and gain their support for your security initiatives
• Measure your security culture, make those measurements actionable, and present the maturity and value of your security culture to leadership
• Leverage numerous templates and resources from the Digital Download Package and Community Forum that are part of the course and that you can build on immediately

What is a Security Culture?
Security culture is your workforce’s shared attitudes, perceptions, and beliefs about cybersecurity. It is what they think and feel about your security team, your security policies, and your security training. The more positive their attitudes towards your security team, the more they will trust your security team. The higher their perception that your security team is committed to your company’s mission, the more likely they are to exhibit secure behaviors. The greater their belief in your security training, the more likely they are to commit to your organization’s security culture.

Build and Measure a Strong Security Culture
Drawing on real-world lessons from around the world, the SANS LDR521 security culture for leadership course will teach you how to leverage the principles of organizational change to develop, maintain, and measure a strong security culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply these concepts to various real-world security initiatives and quickly learn how to embed security into your organization’s culture, from senior leadership on down. Apply findings from Daniel Kahneman’s Nobel Prize-winning research, Thaler and Sunstein’s Nudge Theory, and Simon Sinek’s Golden Circle. Learn how Spock, Homer Simpson, the Elephant and Rider, and the Curse of Knowledge are all keys to building a strong security culture at your company.

Business Takeaways
• Create a far more engaged and secure workforce, not only in their attitudes about security but also in their behaviors
• Dramatically improve the ROI of security initiatives and projects through increased success and impact
• Strengthen communication between the security team and business executives
• Instill stronger and more positive attitudes, perceptions, and beliefs about the security team
• Construct simpler, more effective security policies and governance

Hands-On Security Culture Training
The first four sections of the course leverage 12 interactive team labs, enabling you to apply the lessons learned to a variety of real-world security situations and challenges. These team labs enable you to learn not only from the instructor and course materials but also from your fellow students’ expertise and experiences. Finally, the last section is a capstone event as you work through a series of case studies to see which team can create the strongest security culture.
Leveraging the Cyber42 simulation game environment, you are put in real-world scenarios that spur discussion and critical thinking about situations that you will encounter at work. A laptop is required for the Cyber42 leadership simulation capstone.

Notice to Students
The course is recommended for more senior and/or more experienced cybersecurity leaders, managers, officers, and awareness professionals. If you are new to cybersecurity, we recommend some of SANS’s more fundamental courses, such as SEC301: Introduction to Cyber Security; SEC401: Security Essentials: Network, Endpoint, and Cloud; or LDR433: Managing Human Risk.

“I am just so happy with this material focusing on embedding secure values into our global culture – exactly what my company needs help with NOW.”
—Lindsay O’Bannon, Deloitte Global

• Watch a preview of this course
• Discover how to take this course: Online, In-Person