Schneier has posted a very good post on "Risk intuition" and risk perception in general. This part was particularly interesting: "[...] I listened to yet another conference presenter complaining about security awareness training. He was talking about the difficulty of getting employees at his company to actually follow his security policies: encrypting data on memory sticks, not sharing passwords, not logging in from untrusted wireless networks. "We have to make people understand the risks," he said.
Risk intuition and security awareness
Risk intuition and security awareness
Risk intuition and security awareness
Schneier has posted a very good post on "Risk intuition" and risk perception in general. This part was particularly interesting: "[...] I listened to yet another conference presenter complaining about security awareness training. He was talking about the difficulty of getting employees at his company to actually follow his security policies: encrypting data on memory sticks, not sharing passwords, not logging in from untrusted wireless networks. "We have to make people understand the risks," he said.