Many Information Security people have mused why on Earth "Real People" (i.e. those without propellers) simply don't "get" security.
Like Jesper I've worked in Information Security for many years and the fundamental challenges remain - it's very easy to get most people to circumvent the pesky information security measures.
Information Security should begin with and end with responsible people using a little additional brain power to apply "electronic common sense" to decisions pertaining to information access. We techncial folk must make it easy for everyone else to make the right decision based on their objectives. We can't hope to secure information without helping users to understand security.