ABSTRACT
This chapter does not prescribe a methodology. It sets out ideas and frameworks that can be readily adapted for use in any organisation. This chapter also outlines the role that training holds in regard to security awareness. It is a powerful means in itself but is best used in alliance with other techniques. The framework is designed to help establish a sustainable, repeatable process. Empirical information on information security incidents and behaviours is rare and often unreliable. In many organisations there are core professionals. Identifying target audiences in complex organisations can be made simpler by using a simple grid. The Delphic technique is so named after the Oracle of Delphi, a renowned source of knowledge and wisdom in the Ancient Greek world. There are a number of well-understood ways by which the people can encourage people in their organisation to change their behaviour.
