"3. Most likely to be ignored: Security awareness posters"
That's the third on a list of dozen observations on security failures by a bunch of Gartner security consultants. The list is highly cynical but most of the observations ring true. Here's another dozen.
Why is it, I wonder, that 'security awareness' has come to be so firmly equated with 'posters' and/or [generally annual] 'training sessions'? It's such a lame paradigm and does a huge disservice to those of us working on creative security awareness programs.
What we need is a security awareness awareness program. I'm just off to the printers to get some posters done. Anyone want to sign up for a security awareness awareness training session next August?