I was researching for a piece on security culture when I found an excellent post which included a paper given by Harris Miller(president of the Information Technology Association of America (ITAA)) on Internet Security to a Senate committee. I like the paper as it's well researched, concise and full of wonderful quotes including the following:
Inadequate user awareness is the single most important thing we should tackle - Richard Hackworth, HSBC
Security is a process not a product - Bruce Schneier
Security guru Bruce Schneier said “Computers and networks might be difficult to secure, but the biggest security vulnerability is still that link between keyboard and chair
You can view the post itself by clicking here. It's well worth a read as you can pick up some great references for use in your own security discussions.