Security awareness is the first line of defense for the security of information systems and networks.
Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.
-Sensitive material and physical assets they may come in contacts with, such as trade secrets, privacy concerns, and government classified information
-Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements
-Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
-Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication
-Computer security includes malware, phishing, social engineering, etc.
-Workplace security, including building access, wearing security badges, reporting of incidents, forbidden articles, etc.
-Consequences of failure to properly protect the information, including the potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties
