ABSTRACT
Development of security policies, standards, procedures,
and guidelines is only the beginning of an effective infor-
mation security program. A strong security architecture
will be less effective if there is no process in place to
make certain that the employees are aware of their rights
and responsibilities. All too often, security professionals
implement the “perfect” security program, and then forget
to factor the customer into the formula. In order for the
product to be as successful as possible, the information
security professional must find a way to sell this product
to the customers. An effective security awareness program
could be the most cost-effective action management can
take to protect its critical information assets.