In todays large corporations, one would say that information security managers have a lot on their plate. Security managers in companies usually lack a clear process to implement security controls in order to ensure compliance with various regulations and standards. However, there is a huge gap between the employees perception of security policies and the security managers, which negatively impacts the organisation as a whole. An employee will most likely work around the security controls to get his work done, regardless of the risks this might pose.”]