Human vulnerability and IT security

IT (Information Technology) managers constantly have the task of evaluating the general security level of their organization and reporting the major vulnerabilities to the leadership. Senior management is often surprised to hear that the biggest vulnerability within an organization is not a misconfigured firewall or a virus routed through an internal email server, but rather a human being. Compared to a piece of hardware or software, a human user is easily the most targeted weakness within an organization.

Defining Human Vulnerability

Charles and Shari Pfleeger define a vulnerability as "a weakness in the security system, for example, in procedures, design, or implementation, that could be exploited to cause loss or damage" (Pfleeger & Pfleeger, 2007, p. 6). Hackers and other malicious entities often target humans as the weakest link in a security system because the human decision-making process is far more complex than a system's logical "yes/no" or "on/off" process. Quite simply, the fact that humans are often careless, emotional, forgetful, and prone to mistakes makes them prime targets. Because of this inherent nature, humans are easily manipulated or exploited by adversaries attempting to do serious harm to the resources of an organization. Human vulnerability ultimately takes shape as the result of a broad set of underlying weaknesses, including a lack of security awareness, irregular or inconsistent training and education programs, and the absence of controls.

Security Awareness

Individuals who are not aware of the fundamental aspects of secure computing are a huge vulnerability to an organization's resources. Users who do not have a solid foundation in security awareness can practice......

References

Cultural Office of the Chief Information Officer. Retrieved February 26, 2011, from http://www.ocio.usda.gov/directives/doc/DM3535-002.htm

Schneier, B. (2005, December 19). Insider threat statistics. Schneier on Security. Retrieved February 26, 2011, from http://www.schneier.com/blog/archives/2005/12/insider_threat.html

University of Maryland University College. (2011). CSEC 610 CyberSpace & CyberSecurity – Module 2: The vulnerability of organizational networks and the Internet. Retrieved from http://tychousa9.umuc.edu/cgi-bin/id/FlashSubmit/fs_link.pl?class=1102:CSEC610:8480&fs_project_id=304&xload&tmpl=CSEC610fixed&moduleSelected=csec610_02

Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann Publishers.

Wiles, J. (2005, Spring). Social Engineering: The Mother of All Trojan Horses. AI Newsletter, 7, 6, 7, 12.