A culture is not inherited, it is a learned process which implies that we can establish and shape our own information security culture within an organisation. When elements of culture have been proven effective such as best work practices, they can provide solutions to social problems of work routines or everyday life. Once the cultural elements have become dominant or are accepted, these shared elements are transmitted to others. However, an establishment of an appropriate information security culture needs participation from all employees. In order to ease on such establishment, this book introduces several principles, in which can help to guide employees on their responsibilities and roles. These principles can also be used as a human firewall to combat any threats caused by insiders. In short, implementation of such principles can help to encourage all employees to practise information security responsibilities rather than to delegate them to technical personnel alone. This book is intended to change the employees' current security perception from "they" are responsible to "all of us" are responsible with regards to information security practices within an organisation.