End-user computing has emerged as a vital component of the overall information resource of the organization.  This emergence has made its way not only into the information resource but also in the information security of an organization. The end-user has access to the most vital information a company has and either has the knowledge in how to circumvent the systems that have been put in place to protect the organizations information, or the lack of knowledge that is needed to protect this information, as well as the well-being of the organizationís network itself. It is recognized that the more educated a person is, the better decisions they should make in business and life itself. The question needs to be asked why then is a vital part of the organizationís security structure ignored and not given information about threats and vulnerabilities. The end-users are the ones who will see these threats and be taken advantage of much more frequently. This happens due to their lack of knowledge on what to look for which can lead to threats such as taking down the network or seriously divulging confidential personal information. The Information Security field has grown rapidly over the past years because of these threats, and the Information Security personnel seek to harden the network through firewalls, Intrusion Detection Systems and the like but frequently overlook the most prominent line of defense that an organization can have: the educated end-user. They can be and quite frequently are the last line of defense in a network, but if they donít have the tools necessary or the knowledge to defend their system, they are as ineffective as keeping a newly purchased firewall in the box. This paper will attempt to define the Security Education Training and Awareness (SETA) program, the benefits that it can bring to organizations who deploy them, and why it is important for a company to implement a security awareness program.
This document is in PDF format. To view it click here.