Death by a thousand facts: Criticising the technocratic approach to information security awareness

The purpose of this paper is to examine why mainstream information security awareness techniques have failed to evolve at the same rate as automated technical security controls and to suggest improvements based on psychology and safety science.