ABSTRACT
As stated in the Introduction Summary, ‘Information security awareness is a fundamental part of effective security management. It is not a panacea and requires competence and attention to be paid to a number of parallel activities’. Recognising the human foibles and weaknesses of the people and others is an important first step. Empathy also allows the people to understand how people perceive risks. Psychology is not limited to perception. Further foibles of human nature are manifest in many situations that can lead to poor security decisions. The need for clarity and jargon-free communication is never better displayed than in a crisis situation, when the role of human psychology comes very plainly into view. Incremental change is normally more effective at generating lasting change. Allied to incremental change is the development of a positive, rational approach to security.
