"There is one safeguard known generally to the wise, which is an advantage and security to all...What is it?...Distrust." Demosthenes

Information security has come to play an extremely vital role in today's business world. Organizations must learn that security is not a one-time activity but rather a continuous, risk-managed process. We at 2gr> can help you evaluate and implement a good security policy. In fact, here is a listing of various potential threats that you may want to think about:

System Access: Best practices for password creation, password aging, minimum password length, characters to be included when choosing passwords, password maintenance, and tips for safeguarding (any) accounting data; the dangers associated with each of these issues must be explained in the security awareness program.

Virus Protection: Best practices for malicious code protection, how often the system should be scanned, how often Live Update of the software database should be done if it is not automatic, and tips for protection against (any) malicious code (viruses/trojans/worms).

Software Installation: Is freeware forbidden? If allowed, under what conditions? How is software piracy tolerated? Are entertainment programs and games allowed or completely prohibited, as well as the installation of any other program coming from unknown and untrustworthy sources?

Removable Media (USB Drives, DVDs, CDs): "Acceptable Use" measures need to be established, and the dangers of potential malicious code entering the company network or any other critical system need to be explained as well.

Encryption: Explain when, how and who must encrypt any of the company's data.

System Backups: The advantage of having backups needs to be explained, along with who is responsible and how often the data should be backed up.

Maintenance: The risks of a potential physical security breach need to be briefly explained.

Incident Handling: Define what a suspicious event is, to whom it needs to be reported, and what further steps need to be taken.

Web Browsing: Define what constitutes restricted, forbidden and potentially malicious web sites, and provide staff members with brief, well-summarized tips for safer browsing. Additionally, let them know that their Internet usage is strictly monitored in order to protect the company's internal systems.

E-mail Use: Define the "acceptable use" criteria of the e-mail system: what is allowed and what is not, the company policy on using the mail system for personal messages, etc. Also briefly explain the potential threats posed by (abusing) the mail system and the potential problems as far as spreading malicious code is concerned.

Many thanks to WindowsSecurity.com for their information.

Copyright © 2009 - 2 Guys and a Router LLC. All Rights Reserved.