•Organizational end users are generally in the background when it comes to protecting the IT infrastructure. As the chief security officer (CSO), develop a security awareness training communication plan for these users. Your plan must be in nontechnical terms to the user population that incorporates the confidentiality, integrity, and availability of the organization’s information assets.