Angus McIlwraith has worked in the field of Information Security and Business Control for over 35 years. He has for many years held (and broadcast) the view that Information Security is not making the best use of time and resources by failing to address some fundamental issues. By not doing so, time and money are wasted; in some extreme circumstances, lives are being put at risk unnecessarily. Angus' professional experience was gained mainly in Financial Services and UK central government. He has worked for Lloyds Bank, American Express, NatWest Bank and Standard Life, as well as working as a consultant to a wide range of international organisations. He has spoken at many conferences, including numerous Information Security Forum (ISF) Congresses, the London-based COMPSEC conference, the Institute of Internal Auditors annual conference and the British Computer Society Information Security Specialist Group (BCS ISSG). Angus was an elected Member of the ruling Council of the ISF for eight years and was a member of the UK-based Banking Information Security Expert Panel (BISEP). He writes regularly for many publications. He held a monthly column in Information Security Management magazine, and provided a monthly piece in Secure Computing magazine for many years.

Introduction Part I: A Framework For Understanding 1. Employee Risk 2. Security Culture 3. How Are We Perceived? Part II: A Framework For Implementation 4. Practical Strategies and Techniques 5. Measuring Awareness 6. Delivery Media and Graphic Design