End User Awareness Training

Securing The Human - End User Awareness training (STH) provides extensive employee security awareness training that targets today's weakest link in enterprise security - the human. STH goes beyond just compliance and addresses the most common risks using a proven framework based on the 20 Critical Security Controls. The program contains 24 awareness modules and 19 compliance modules. Each module includes an online assessment. Student progress through the program can be tracked via a site administration web interface. STH is appropriate for small to extremely large numbers of users and is supported in multiple languages.

Training is delivered via SCORM-compliant web video-based modules utilizing the SANS-hosted Virtual Learning Environment (VLE) or internally via your own learning management system (LMS).

STH awareness training addresses numerous standards including PCI DSS, HIPAA, FISMA, ITAR, ISO 27001, and FERPA.

Optional supporting media: Each awareness module has an associated newsletter, poster, and screensaver. These are available for optional purchase. The media are branded with your name, logo and contact info. They are delivered in electronic format. You can use them as much or as little as you wish, for as long as you wish.

Demo accounts are available, giving you the ability to sample the video modules.


STH is purchased according to the number of persons undergoing training. The aggregate-purchase price is $2.30 per person for 1 year, or $4.10 per person for 2 years. The minimum order $2,760 for 1-year purchases or $4,920 for 2-year purchases.

Optional supporting materials, including posters, newsletters, and screensaver costs $3,500 when ordered with the STH videos, or $5,000 without.

Additional information is available at the SANS Securing The Human main web page.

A full list of the training modules and demo short snippets is available here.

"I have never seen such high quality training, distilled to a perfected message, and compressed into a timeframe that any organization should willingly commit employee time to taking as a risk reduction strategy."
James A. (Jim) Richards III, West Virginia Chief Information Security

"We just purchased the SANS Securing the Human, which I think is the best I have ever seen. In addition it's backed up by SANS extensive experience and knowledge base in infosec."
Karen McDowell, Ph.D., Information Security Analyst, University of Virginia