The behavior of people regarding security-related concerns

The overall profitability of the organization

The number of security incidents in the past year

The technology used by the organization

Only the IT department

All departments within the organization

External security consultants exclusively

The human resources department only

Users can never be trained to avoid mistakes

Users are the best line of defense against cyber threats

Users are expected to be the last line of defense

Users are as reliable as technological firewalls

By providing vague instructions

By showing them the proper way to perform job tasks

By letting them figure it out on their own

By using scare tactics

The personal interests of the program manager

The latest cybersecurity trends

The business drivers and subcultures within the organization

The cost of training materials

Ignore all emails

Forward emails to the IT department

Determine how to handle phishing emails properly

Delete all emails without reading

To eliminate all security risks

To improve security-related behaviors and reduce losses

To punish users who make mistakes

To create a perfect security system