This lesson focuses on knowledge transfer, which is one of the best defenses against inside and outside attacks. Knowledge transfer consists of awareness, training and education. It is important to remember the people within the organization are considered the weakest link in an organizational security policy. Loss is not always caused by malicious behavior. The ultimate goal of knowledge transfer is to modify employee behavior. Integral to knowledge transfer is security awareness training, which gives employees the tools they need to learn about and improve attitude toward information security.