This paper reviews the complex environment of information security and looks at several elements of security practice. The Internet is a double-edged sword, providing large amounts of both information and threats. People play a double-edged role as well: they can build sturdy, secure systems, and they can also topple them by falling prey to social engineering attacks. Only diligent and continuous cycles of do, study, and improve (for people and systems) will reduce risk to acceptable levels. Copyright SANS Institut