9 reasons why your security awareness program sucks... by CSO reporter Ira Winkler
This is a must-read for those that need to wake up and pay attention to how their employees are trained to thwart insider and external threats to their intellectual property. It's not rocket science, but it requires written policies, explicit consequences, and consistent, effective delivery to all employees and contractors.
"Improving security awareness is infinitely more complicated than telling people what not to do. Again, it is about promoting behaviors dictated by governance."