Merely defining rules for information security does not guarantee that they will also be followed. All employees, and particularly relevant roles, must be familiar with the rules that apply. Although a failure to comply with rules is not the sole trigger of many security incidents, it is one of the reasons why they occur. Vulnerabilities stemming from insufficient knowledge of rules can pose a threat to the confidentiality, availability, and integrity of the information involved. This can hinder the fulfilment and execution of business processes and specialised tasks.