This chapter discusses several issues that pertain to the human element of information security and why the people that staff our organizations to pose a security challenge that cannot be directly addressed with technical controls in every case. It covers items that we might want to discuss with users including: protecting data, passwords, social engineering, network usage, malware, use of personal equipment on corporate networks, clean desk policies, and policy and regulatory knowledge. It also talks about what we can to do make our security awareness and training programs better, and the steps that we can take to make this information.