Creating a risk conscious and security aware culture within an organization can provide more protection to an organization’s information infrastructure and associated data assets then any technology or information security related control that currently exists. A risk conscious and security aware culture is key to protecting an organization’s information infrastructure and associated data assets. Information threats and adversaries are more advanced and daunting than ever and show no sign of becoming less concerning in the future. In order to effectively address this issue, organizations must create and cultivate a culture and environment that embraces information risk management and security as a business benefit rather than another hurdle on the path to success. This session will focus on the key concepts and capabilities that should be considered when creating a risk aware and security conscious culture. Approaches, considerations, techniques, and case studies of organizations that have are in process of or have successfully created this type of culture will be presented throughout the session as well as discussions of current industry leading concepts and practices.