INTRODUCTION

The Human Risk Management Cycle, also called the “HRM” Cycle, is a process methodology that offers a complete, continuous cycle for implementing and maintaining a Human Risk Management Program. It includes means for continuous improvement and for measuring the success of the program, with the long-term goal of reducing human risk and creating a security culture.

 

The Human Risk Management Cycle is an evolution of The Security Awareness Cycle, tailored specifically to meet the needs of Human Risk Management. While the core concepts of both cycles align (focusing on the identification of people and groups, pinpointing high-risk behaviors that require change, and identifying solutions to facilitate behavioral change), mitigation strategies in HRM extend beyond Security Awareness training. It became evident that HRM warranted its own distinct cycle, incorporating relevant terminology to better address these challenges.

Tom Andreas Mannerud, MSc., CISM®, Associate C|CISO™

Information- and Cybersecurity Professional

THE HUMAN RISK MANAGEMENT CYCLE

(THE “HRM” CYCLE)


Step 1: Metrics

The initial step in The Human Risk Management Cycle involves collecting metrics to establish a baseline. This baseline serves as a benchmark to evaluate the effectiveness of your Human Risk Management Program in subsequent cycles. By doing so, you can accurately measure the program’s success and pinpoint human risk areas needing improvement.

Step 2: Identifying and Understanding your People

The second step in The Human Risk Management Cycle is all about identifying and understanding the people within your organization. This involves recognizing the different groups within your organization, as each group, and sometimes individuals within those groups, contributes to distinct risks.

Step 3: Identifying High-Risk and Desired Behaviors

The third step in The Human Risk Management Cycle is to identify the various high-risk and desired behaviors.

Step 4: Identifying Solutions to Facilitate Behavioral Change

The fourth step in The Human Risk Management Cycle is to identify solutions to mitigate risks or facilitate behavioral changes. This step involves deciding how to address the risks identified in the previous steps. Solutions typically take the form of people, processes, and technology.

Step 5: Develop Selected Mitigation Strategies

The fifth step in The Human Risk Management Cycle is to develop the solution or mitigation strategy that you identified and selected in the previous step.

Step 6: Implement Mitigation Strategies

The sixth and final step in The Human Risk Management Cycle is to implement your mitigation strategy.

License Information

“The Human Risk Management Cycle” framework is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0). This means you are free to use, share, and adapt the framework as long as appropriate credit is given and any derivatives are shared under the same license. Feel free to modify it to suit your needs, and don’t forget to acknowledge the original source.