The best way to achieve a significant and lasting improvement in information security is not to throw more technical solutions at a problem--the best approach is to teach the basics of information security to everyone who interacts with computer networks, systems, and information.

Many people miss two key points about information security: They don’t think they're targets, and they don't recognize the trust and responsibility others give to them. The Information Security Awareness Program and other security training can educate the campus community about 1) the inherent risks presented by the confidentiality, integrity, and availability of systems and data, and 2), how to help protect them. The program's primary objective is to reduce the risk of a security breach.