A Change Management perspective to implementing a cyber security culture

There has been an increasing prevalence of global cyber attacks. Because of the possible breaches in information security, it has become pertinent that organisations change organisational and individual cultures to become more secure. However, there are challenges regarding the implementation of these processes within organisations. Organisations have become dependent on information systems, which store large quantities of data and can be considered one of an organisation’s greatest assets. Whilst employees are considered the next important asset, their negligence, whether intentional or not, and their possible lack of knowledge regarding information security have also become one of the biggest threats to information security. Employees often fall victim to phishing scams, malware and ransomware attacks. Whilst many consider the implementation of information security awareness initiatives a solution to this impending threat, more often than not organisations utilise presentations to address information security awareness training. This approach has not been successful, as the target audience has difficulty in retaining the knowledge, and this often hinders its proper implementation. Change management not only involves the change in processes and tools but also focuses on the techniques used to manage the cultural change within organisations. This paper ‘encodes’ awareness training for information security and cyber security from a change management approach and provides best practice approaches in changing an organisation’s culture from an insecure culture to a secure one.

Journal:

PUBLISHED:

2020

KEYWORDS: