NISTs SP800-50r1 Building a Cybersecurity and Privacy Learning Program

Overall, this document is really about defining and meeting training requirements, rather than managing human risk.