Flow Name: Human Risk Investigation

Trigger: Human Risk Information From USecure (or any other vendor)

Human Risk Response Flow

User Training Compliance Check

• Completed Training: No action needed.
  
  

• Not Completed Training: Send automated reminders until completed.
  
  

  • 1st Reminder after 1 month: Gentle nudge (email/slack notification).
    
    

  • 2nd Reminder after 2 months: Escalation to Manager/Security Team.
    
    

  • 3rd Reminder after 4 months: Mandatory completion notice (with potential access restrictions for non-compliance).
    
    

Phishing Simulation Response

• User Passed: No action required.
  
  

• User Failed the Simulation (Clicked Link or Entered Credentials):
  
  

  • Assign immediate phishing awareness training.
    
    

  • Send user phishing best practices material.
    
    

  • Schedule follow-up phishing simulations to track improvement.
    
    

User Account Compromise (Breach Detection)

Indicators:

• Credential exposure (e.g. Dark Web monitoring).
  
  

• Email found in a known data breach.
  
  

Response Actions:

• Immediately notify IT administrator.
  
  

• Suggest password reset for the user.
  
  

• Enforce MFA (if not already enabled).
  
  

• Send best security practices materials to the user.
  
  

• Enroll user in additional security training on account protection.
  
  

Organizational Risk Score Monitoring

• Risk Score Improving: No action needed.
  
  

• Risk Score Not Improving:
  
  

  • Send reminders to users about completing training.