Security awareness is a process for educating employees and making them "aware" that it is important to protect information systems and practice good data security.
- The primary objective of a security awareness program is to educate users on their responsibility to help protect the confidentiality, availability and integrity of their organization's information and information assets. Information security is everyone's responsibility, not just the IT department's. It is critical that employees understand not only how to protect the organization's information, but also why it is important to protect that information. People are often the weakest link in a security chain, because they are not trained or generally aware of what security is all about. Employees must understand how their actions can greatly impact the overall security position of their organization. An awareness program should reinforce security policy and other information security practices that are supported by the organization. Security awareness helps minimize the cost of security incidents and helps assure the consistent implementation of controls across the organization's information systems environment.