ABSTRACT

The purpose of awareness training is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize information security concerns and respond accordingly when faced with an information security issue. The fundamental value of IT security awareness programs is that they bring about a change in attitudes, which in turn changes the organizational culture. The cultural change is the realization that IT security is critical because a security failure may have adverse consequences for everyone. Awareness training is the most important component in any information security initiative. Awareness training is a mechanism that educates employees on the following key security issues. An effective awareness program teaches the importance of information security–related issues, not just the rules. It fosters a climate that supports information security activities and helps management implement mechanisms to reinforce the security culture. An effective IT security awareness and training program explains proper rules of behavior for the use of agency IT systems and information.