Building an Information Security Awareness Program

In his latest book, a pre-eminent information security pundit confessed that he was wrong about the solutions to the problem of information security. It's not technology that's the solution, but the human factor-people. But even infosec policies and procedures are insufficient if employees don't know about them, or why they're important, or what can happen to them if they ignore them. The key, of course, is continuous awareness of the problems and the solutions.