LOGBOOK

HELP

Quiz Entry - updated: 2026.06.24

Why do awareness campaigns exist at all — can't technical controls handle security?

Because the decisive vulnerabilities are human, and humans can't be patched — only trained.

Technical controls — the "technology" pillar of information security's three (people, process, technology) — stop known, automatable threats. But attackers route around them by targeting people: phishing, vishing, pretexting, and plain carelessness bypass firewalls and AV entirely. The recurring reasons people are the weak point — convenience, information overload, dislike of rules, chasing the newest thing — aren't fixable with software.

Awareness campaigns aim to:

  • make security understood and personally owned, not just imposed
  • build the habits behind the 5S model (especially "pay attention")
  • be measured for effectiveness (initiate → run → verify success), like any other programme

Why it's a continuous effort: threats and tricks evolve, and people forget. A one-off training fades; a campaign keeps awareness fresh.

Tip: Good awareness work treats employees as the solution ("human firewall"), not just as the problem — engagement beats blame.

From Quiz: ISF / Awareness & the 5S Model | Updated: Jun 24, 2026