Consistent, practical strategic planning is a prerequisite for security and risk management leaders establishing and supporting the credibility of their security programs. This presentation:
- Introduces a generic security strategy planning process
- Shares the unique best practices associated with security strategy planning
- Provides practical advice on communicating the strategy to stakeholders.

We like to lament that "the users are the weakest link in the cybersecurity chain!" which means that as security and risk management leaders, you must understand the critical impact of the user community on your programs. From basic anti-phishing simulation through more proven communications techniques to sophisticated approaches based on the social science, this presentation provides insight into the latest best practices in the human aspects of security.

As per Gartner research, 44% of employees have regularly engaged in insecure behaviors in the past year. Security teams must successfully engage to create sustainable change in employee behavior. This panel session will explore how security awareness and training teams are adapting their strategies and skills to deal with this evolution and how more budget and leadership support can be gained.

Gartner surveyed 96 organizations to identify significant patterns or trends related to the distribution of security and risk management capabilities in organizations from the public and the private sector. Join this session for a summary of the key findings.