Page 198 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
risk with little effort. Risk analysis is the process by which risk
management is achieved and includes analyzing an environment for
risks, evaluating each risk as to its likelihood of occurring and the cost
of the resulting damage, assessing the cost of various countermeasures
for each risk, and creating a cost/benefit report for safeguards to
present to upper management.

For a security solution to be successfully implemented, user behavior
must change. Such changes primarily consist of alterations in normal
work activities to comply with the standards, guidelines, and
procedures mandated by the security policy. Behavior modification
involves some level of learning on the part of the user. There are three
commonly recognized learning levels: awareness, training, and
education.

