Bottom line information security always stems from the employees of an organization.

In order to be able to achieve a good level of information security, all regulations must be known and present to the employees.

In addition, responsibilities must be transparent. This is the only way to react quickly and adequately in the worst case scenario: compromised information security. In the best case scenario there is a high level of awareness of information security. In this case a model of “lived security” exists.

In this conceptual model, information security becomes part of organizational thinking in a way that additional synergetic effects can be identified and implemented.