Security awareness programs and strong password policies are standard procedure in most organizations, but most enterprises don't do enough to reinforce them, according to a new survey.
According to a study published Friday by security firm Rapid7 (PDF), most companies don't go back and test their employees to see whether they have learned from security training and policy.
via Study: Enterprises Fail To Test End User Awareness Training, Password.
I haven't read the Rapid7 report. In the mean time I hold by my earlier anecdotal article.