The article is premised on two predictions: that educational activities related to information systems security will soon be carried out only by generalist security professionals who lack a specific background in computer science, electrical engineering, or automated information systems; and that information security in all types of environments will remain essentially a human issue. This article emphasizes four primary points. The first is that information systems security is built on long-established principles, policies, and practices, adapted for the modern workplace. The second point is that severe damage to government and defense-related information by both internal and external offenders has occurred in the very recent past; it can happen to any organization, and the damage can be extensive. Foreign intelligence services represent only one type of threat to information systems. Finally, there are steps that every employee can take to minimize the risk of compromise or loss of information. 3 tables and 1 figure