ABSTRACT
This conclusion presents some closing thoughts on the key concepts discussed in the preceding chapters of this book. The book examines information security and employee behaviour. The concept of information security awareness is more complex than many people think. It's quite easy to make broad statements about how employees are 'going to do awareness next quarter' without taking into account what they want to achieve, how they are going to measure their effectiveness and what actions they want people to do after employee have delivered whatever it is they have decided to help them be 'more secure'. Risk perception is a strange phenomenon that needs to be understood whenever possible. This applies particularly when trying to communicate risk issues to lay persons. Remember that emotional reactions to risk are in fact totally relevant, understandable and predictable. The diversity in cultures amongst and between organizations is such that solutions will rarely be transportable without considerable customization and enhancement for each.
