Information Security awareness initiatives are seen as critical to any information security programme. But, how do we determine the effectiveness of these awareness initiatives? We could get our employees to write a test afterwards to determine how well they understand the policies, but this does not show how it affects the employee's on the job behaviour. Does awareness training have a direct influence on the security behaviour of individuals, and what is the direct benefit of awareness training? This paper represents a study in progress that aims to answer the question: to what extent does information security awareness training influence information security behaviour? Research carried out on information security has traditionally been slanted towards technical aspects of security, typically rooted in computer science and mathematics. Security was traditionally seen as a service to be provided and not something that was influenced by users. However, it was soon recognised that...