{Kevin Mitnick _ The Art of Deception}

Security is not one-size-fits-all. Business personnel usually have disparate
roles and responsibilities and each position has associated vulnerabilities.
There should be a base level of training that everyone in the company is
required to complete, and then people must also be trained according to their
ob profile to adhere to certain procedures that will reduce the chance that
they will become part of the problem. People who work with sensitive information
or are placed in positions of trust should be given additional specialized training.