One important mission of a security awareness program is to

Familiarizing users with the organization’s security policies and procedures is the core goal of a security awareness program. When people understand what is expected—how to handle data, recognize threats like phishing, report incidents, and follow access controls—they naturally adopt safer behaviors in everyday work. This human-focused approach reduces risk more effectively than relying on hardware changes or punitive measures, because policies only protect assets if people actually follow them. The other options miss the point: improving physical security infrastructure deals with physical controls, not awareness; reducing IT workload isn’t the aim of awareness training; and focusing on disciplinary actions emphasizes punishment rather than educating employees to prevent incidents.