ABSTRACT
Employees, especially end users of the IT system, are
typically not aware of the security consequences caused by
certain actions. For most employees, the IT system is a
tool to perform their job responsibilities as quickly and
efficiently as possible-security is viewed as a hindrance
rather than a necessity. Thus, it is imperative for every
organization to provide employees with IT-related security
information that points out the threats and ramifications
of not actively participating in the protection of their infor-
mation. In fact, federal agencies are required by law
(Computer Security Act of 1987) to provide security aware-
ness information to all end users of information systems.
