In today s corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company s assets and mitigate risks to the furthest extent possible. Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users core business activities. These end users are, in turn, often unaware of the risk they are exposing the organisation to. They may even feel justified in finding workarounds because they believe...