Great article I read that argues for the majority of your users, security training is a waste of time. The article states, “These experts believe the focus on awareness training takes attention away from bigger industry issues such as failures in software design and lack of technical controls.”
We are planning our next chapter meeting, in which I will be speaking about Business Ethics and Information Security. This is not the only article that too much training in security (and personally I think too much training on any topic) can be a hinderance to the company rather than a benefit.
Unfortunately though, regulatory compliance requires the training to all users in the company….