ABSTRACT

Information security awareness is a fundamental part of effective security management. It is not a panacea, and it requires competence and attention to a number of parallel activities. Psychology is not limited to perception. Further foibles of human nature are manifest in many situations that can lead to poor security decisions. Again, human psychology comes into play, in that stepped, incremental change is often more effective than a spectacular launch. Allied to incremental change is the development of a positive, rational approach to security. Dealing with risk perception requires people to acknowledge that pure logic and empiricism are not the only answers. Empathy is also used to understand how people perceive risks. What is vital to some is trivial to others. However infuriating, people will not respond to risk in a cool, logical manner.