InfoSec

The Truth About Your Disastrous Security Awareness Obsession

YES!  Of course you should include security awareness as part of your overall information security strategy!  Failure to do so will likely invite "friendly advice" from your favorite auditors and call into question your credibility as an InfoSec warrior.

Conventional wisdom aside, the question remains as to the efficacy of "securing the human" through traditional security awareness methods (i.e. death by PowerPoint, internal phishing exercises, and clever marketing campaigns).