Security awareness

However, it is very tricky to implement because organizations are not able to impose such awareness directly on employees as there are no ways to explicitly monitor people’s behavior.

[4] Topics covered in security awareness training include:[5] Security awareness means understanding that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout its organization.

Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business.

[8] Specifically they measured "understanding about circumventing security protocols, disrupting the intended functions of systems or collecting valuable information, and not getting caught" (p. 38).

The researchers created a method that could distinguish between experts and novices by having people organize different security scenarios into groups.

Security awareness poster from World War II .
An equivalent 2000 warning about the web security awareness.