The purpose of this research is to improve the overall security of an organization by better understanding user behavior. The focus is on risk assessment of user behavior where in we will assess how users currently assess risks and how to educate them to better understand some of the risks of their online behavior. To this end, we will be conducting interviews with phishing victims in order to understand the risk assement of the compromised user.