I think we tend to pay lip service to the idea that many information assurance issues are rooted in human behaviour. I wonder if we really tend to look at this proposition carefully. We might be reluctant because of the daunting scope of human-caused problems, or we might be reluctant because we understand how difficult it really is to change human behaviour.

“Two-thirds of IT managers don’t stop company employees from downloading music online, and only 1 in 5 block them from social networking Web sites. While a study found managers are worried about lost productivity and security issues, they also are concerned that blocking access to sites might hurt staff morale. The study, funded by antivirus software maker McAfee, also found that about 20% of workers let their friends and family use company computers, about 50% connect their own gadgets to their workstations and about 60% store personal content on company PCs.”