This chapter discusses the impact of the human element in information security. We are in the third generation of information security evolution, having evolved from a focus on technical, to process based, to the current focus on the human element. Using case studies, the authors detail how existing technical and process based controls are circumvented, by focusing on weaknesses in human behavior. Factors that affect why individuals behave in a certain way, while making security decisions are discussed. A psychology framework called the conscious competence model is introduced. Using this model, typical individual security behavior is broken down into four quadrants using the individuals’ consciousness and competence. The authors explain how the model can be used by individuals to recognize their security competency level and detail steps for learning more effective behavior. Shortfalls of existing training methods are highlighted and new strategies for increasing information security competence are presented.