ABSTRACT
Publishing a set of policies and procedures is no assurance that anyone will ever read them. Creating an employee awareness program is necessary to bring the information security message to all employees. Before employees can accept an Information Security (IS) program, they must first understand why the program is necessary and what they will gain from its implementation.
