I found a great article by Kai Roer, Senior Partner at the Roer Group.
"Lately, some of the smartest people in infosec decided that security
awareness trainings are a waste of time. Last out is Bruce Schneier, who
decided to speak up against awareness training.
"The claim that security awareness trainings are not working is, in my
opinion, a claim based on wrong assumptions. It also shows a clear lack
of understanding of the inner workings of the human mind, and a total
lack of respect for your co-workers.
"If all you focus on is technology, code and cryptology, and you have
very little real interaction with people, I can understand where you are
coming from. It takes more than code to decrypt the subtleness of human
interaction." He continues with a clear cut case for training that I
think you will enjoy:
http://www.net-security.org/article.php?id=1833&p=1
