With all the brouhaha about VoIP security showing up on the SANS Top 20 list, it was quite refreshing to see this article -

SANS: Human error top security worry
Targeted attacks focus on humans, and they often work

November 15, 2006 (IDG News Service) -- The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: spear-phish your employees.

That's what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade. The cadets were sent a bogus e-mail that looked like it came from a colonel named Robert Melville, who claimed to be with the academy's Office of the Commandant. The Robert Melville identified as the sender of the e-mail is fictional; the real Robert Melville helped invent a short-range naval cannon called the Carronade nearly 250 years ago.

It also got some mention in CSO Online - SANS Institute: Human Error Top Security Concern

I can't count the number of times I've said this, but I'll repeat it here again. The single weakest element of any network security methodology is people. People can and will create breaches in any technological security defense we develop for networks. Education, awareness, training, and building a corporate culture of stewardship for proprietary information will do more to protect the network than any solution you can buy from a vendor