The security community has traditionally focused on technology to secure technology, using frameworks such as NIST SP800-53, ISO 27001 and the Critical Controls. There is a growing need for a new framework to address the human element. This talk covers the development of just such a framework; one that identifies the top human risks and the roadmap to mitigating them.