# Role-Based Risk Awareness Program Template

- **PURPOSE:** Provides a structured approach to developing targeted risk awareness initiatives that resonate with specific business functions and deliver measurable behavior change.
- **WHEN TO USE:**When designing new security awareness programs, revamping existing training approaches, or addressing function-specific risk gaps.

**ROLE-BASED RISK AWARENESS PROGRAM**

**FUNCTION/DEPARTMENT**: [e.g., Finance, Marketing, Product Development]

## 1. AUDIENCE ANALYSIS

Primary Roles:

- [List key roles within this function]

Current Risk Awareness Level: [High/Medium/Low]

- [Evidence supporting this assessment]

Function-Specific Risk Exposures:

- [Risk 1]
- [Risk 2]
- [Risk 3]

Key Business Processes:

- [Process 1]
- [Process 2]
- [Process 3]

Motivators for This Group:

- [What drives decision-making and engagement for this function?]

Potential Resistance Factors:

- [What might prevent adoption of better risk practices?]

## 2. LEARNING OBJECTIVES

After completing this awareness program, participants will:

Knowledge Objectives:

- [What specific information should they understand?]

Behavioral Objectives:

- [What specific actions should they take differently?]

Attitude Objectives:

- [How should their perspective on risk change?]

## 3. CONTENT DEVELOPMENT

Key Messages:

- [Primary message 1]
- [Primary message 2]
- [Primary message 3]

Role-Specific Scenarios:

- [Scenario 1: Brief description of relevant risk scenario]
- [Scenario 2: Brief description of relevant risk scenario]
- [Scenario 3: Brief description of relevant risk scenario]

Business Context:

- [How these risks connect to business objectives]
- [How effective risk management enables business success]

Practical Tools:

- [Tool/resource 1 to support implementation]
- [Tool/resource 2 to support implementation]
- [Tool/resource 3 to support implementation]

## 4. DELIVERY APPROACH

Format Selection:

- [Primary delivery format(s)]
- [Rationale for this approach]

Timing Considerations:

- [When this content should be delivered for maximum relevance]
- [Integration with business calendar/cycle]

Required Resources:

- [Resources needed to develop materials]
- [Resources needed to deliver program]

Involvement Strategy:

- [How function leaders will be involved in development/delivery]
- [How participants will actively engage with content]

## 5. MEASUREMENT PLAN

Baseline Metrics:

- [Current state measurements to establish baseline]

Success Indicators:

- [Behavioral metrics to track]
- [Process metrics to track]
- [Outcome metrics to track]

Measurement Tools:

- [How data will be collected]
- [Frequency of measurement]

Feedback Loop:

- [How results will inform program adjustments]
- [Process for capturing participant feedback]

## 6. IMPLEMENTATION TIMELINE

| Phase | Key Activities | Responsible Parties | Target Dates |
| --- | --- | --- | --- |
| Planning |  |  |  |
| Development |  |  |  |
| Pilot |  |  |  |
| Rollout |  |  |  |
| Evaluation |  |  |  |
| Refinement |  |  |  |

Table 1: Implementation Timeline

## 7. SUCCESS STORIES AND EXAMPLES

- [Include 2-3 brief examples/stories that demonstrate effective risk management within this specific business function. These should be relatable and highlight both business and security benefits.]

## IMPLEMENTATION TIPS:

- Involve representatives from the target function in developing the awareness program to ensure relevance and buy-in
- Create modular content that can be delivered in short, focused sessions rather than lengthy training events
- Use the business calendar to time awareness initiatives when they're most relevant (e.g., finance-focused content during budget season)

***

(c)[Kayne McGladrey](https://kaynemcgladrey.com/) - [Get the full book "Cyber Risk is a Myth"](https://www.routledge.com/Cyber-Risk-is-a-Myth-A-Business-Approach-to-Integrated-Risk-Management/McGladrey/p/book/9781041249054)