IT risk management relies on end-user and administrative compliance with the rules, regulations, and polices set up as a means of protecting information assets within the environment. Comprehension of the consequences and rewards of policy adherence is necessary if security professionals are expected to implement security, and risk management strategies that rely on the strength of policy management and distribution.