At a recent conference I heard a great comment from an Information Security professional from Chennai, India. He stated that ‘culture is defined as the beliefs we accept without question.’ That is an excellent perspective and the goal we must keep in mind regarding Information Security. Our goal is to accomplish this in all our Information Security Awareness efforts. Our goal is not to teach the attendees, or force them to see our point of view, but our real objective is to generate a new culture. A culture of security where everyone practices and follows good security practices without having to think about why or what they are doing. We have really been successful when we model a new security culture – one that everyone accepts and makes a natural part of their activities.