LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What does a security awareness program ultimately want to achieve?

That employees understand the importance of security and their individual contribution, know their responsibilities and the consequences of non-compliance — with the end goal of changing attitude AND behavior.

The three communication goals:

  1. Employees understand the importance of information security for the company — and their individual contribution to it ("my clicks matter")
  2. Responsibilities and expected behavior are clear — no "I didn't know that was my job"
  3. The consequences of non-compliance are clear — rules with known sanctions are taken seriously

And the headline objective: "die Einstellung und das Verhalten der Mitarbeiter zur Informationssicherheit zu ändern" — change attitude and behavior.

Why both words matter: attitude without behavior is good intentions (everyone "supports" security in surveys); behavior without attitude is brittle compliance that evaporates when nobody watches. Lasting security culture needs the inner conviction (→ TPB's persönliche Einstellung) and the outer practice. That's also why success measurement must target behavior change, not training attendance.

Go deeper:

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jul 05, 2026