If there are any particular topics you want me to delve into further, please feel free to send me a message. Minimally, you need to examine the points made in this article and determine if they apply to your organization. Admittedly, none of these issues can be immediately corrected. Like all security deficiencies, poor awareness programs require a concerted effort to correct the issues.
The underlying problem is that security awareness programs are more difficult to implement than most security professionals want to acknowledge. Awareness is a separate discipline that requires the appropriate knowledge, skills, and abilities (KSA) to implement a program properly. Without those KSAs in place, nor even the knowledge that a specific set of KSAs exist, security awareness programs will continue to suck.
Sign up for CIO Asia eNewsletters.