Security awareness programs and strong password policies are
     standard procedure in most organizations, but most enterprises don't
     do enough to reinforce them, according to a new survey.

     According to a study published Friday by security firm Rapid7 (PDF),
     most companies don't go back and test their employees to see whether
     they have learned from security training and policy.

   via Study: Enterprises Fail To Test End User Awareness Training,
   Password.

   I haven't read the Rapid7 report. In the mean time I hold by my earlier
   anecdotal article.
     __________________________________________________________________

   My original entry is here: [1]Study: Enterprises Fail To Test End User
   Awareness Training, Password. It posted Fri, 20 Sep 2013 16:40:33
   +0000.
   Filed under: InfoSec,

References

   1. https://www.prjorgensen.com/2013/09/20/study-enterprises-fail-to-test-end-user-awareness-training-password/